From: Bernhard Froehlich Date: Mon, 27 Jan 2014 13:35:41 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r341405 - head/security/strongswan X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jan 2014 13:35:47 -0000 Author: decke Date: Mon Jan 27 13:35:40 2014 New Revision: 341405 URL: http://svnweb.freebsd.org/changeset/ports/341405 QAT: https://qat.redports.org/buildarchive/r341405/ Log: - Update to 5.1.1 - Added EAP dynamic proxy module - Added EAP Radius proxy authentication - Added DNSSEC/unbound support - Added kernel libipsec plugin - Changed configuration files to install to ${PREFIX}/etc/.conf.sample - Convert to new options format PR: ports/185535 Submitted by: Francois ten Krooden (maintainer) Security: CVE-2013-5018 Security: CVE-2013-6075 Security: CVE-2013-6076 Modified: head/security/strongswan/Makefile head/security/strongswan/distinfo head/security/strongswan/pkg-plist Modified: head/security/strongswan/Makefile ============================================================================== --- head/security/strongswan/Makefile Mon Jan 27 13:35:10 2014 (r341404) +++ head/security/strongswan/Makefile Mon Jan 27 13:35:40 2014 (r341405) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= strongswan -PORTVERSION= 5.0.4 -PORTREVISION= 1 +PORTVERSION= 5.1.1 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ @@ -37,6 +36,7 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \ --enable-blowfish \ --enable-addrblock \ --enable-whitelist \ + --enable-cmd \ --with-group=wheel \ --with-lib-prefix=${PREFIX} 
@@ -44,38 +44,47 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \ MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 MAN8= ipsec.8 _updown.8 _updown_espmark.8 -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKEv1 \ + IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \ + TESTVECTOR UNBOUND XAUTH +OPTIONS_SUB= ${OPTIONS_DEFINE} CURL_DESC= Enable CURL to fetch CRL/OCSP EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend +EAPDYNAMIC_DESC= Enable EAP dynamic proxy module +EAPRADIUS_DESC= Enable EAP Radius proxy authentication EAPSIMFILE_DESC= Enable EAP SIM with file backend -IKEv1_DESC= Enable IKEv1 support (Experimental) - -NO_STAGE= yes -.include +IKEv1_DESC= Enable IKEv1 support +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC +KERNELLIBIPSEC_DESC= Enable IPSec userland backend +LOADTESTER_DESC= Enable load testing plugin +TESTVECTOR_DESC= Enable crypto test vectors +UNBOUND_DESC= Enable DNSSEC-enabled resolver +XAUTH_DESC= Enable XAuth password verification # Extra options -.if ${PORT_OPTIONS:MCURL} -CONFIGURE_ARGS+= --enable-curl -LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl -PLIST_SUB+= CURL="" -.else -PLIST_SUB+= CURL="@comment " -.endif - -.if ${PORT_OPTIONS:MEAPSIMFILE} -CONFIGURE_ARGS+= --enable-eap-sim --enable-eap-sim-file -PLIST_SUB+= EAPSIMFILE="" -.else -PLIST_SUB+= EAPSIMFILE="@comment " -.endif +CURL_CONFIGURE_ON= --enable-curl +CURL_LIB_DEPENDS= curl:${PORTSDIR}/ftp/curl +EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2 +EAPAKA3GPP2_LIB_DEPENDS=gmp:${PORTSDIR}/math/gmp +EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic +EAPRADIUS_CONFIGURE_ON= --enable-eap-radius +EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file +IKEv1_CONFIGURE_OFF= --disable-ikev1 +IPSECKEY_CONFIGURE_ON= --enable-ipseckey +KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec +LOADTESTER_CONFIGURE_ON=--enable-load-tester +LDAP_CONFIGURE_ON= 
--enable-ldap +LDAP_USE= USE_OPENLDAP=yes +MYSQL_CONFIGURE_ON= --enable-mysql +MYSQL_USE= USE_MYSQL=yes +SQLITE_CONFIGURE_ON= --enable-sqlite +SQLITE_LIB_DEPENDS= sqlite3:${PORTSDIR}/databases/sqlite3 +TESTVECTOR_CONFIGURE_ON=--enable-test-vectors +UNBOUND_CONFIGURE_ON= --enable-unbound +UNBOUND_LIB_DEPENDS= unbound:${PORTSDIR}/dns/unbound +XAUTH_CONFIGURE_ON= --enable-xauth-eap --enable-xauth-generic -.if ${PORT_OPTIONS:MEAPAKA3GPP2} -CONFIGURE_ARGS+= --enable-eap-aka --enable-eap-aka-3gpp2 -LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp -PLIST_SUB+= EAPAKA3GPP2="" -.else -PLIST_SUB+= EAPAKA3GPP2="@comment " -.endif +.include .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2} PLIST_SUB+=SIMAKA="" @@ -83,37 +92,6 @@ PLIST_SUB+=SIMAKA="" PLIST_SUB+=SIMAKA="@comment " .endif -.if ${PORT_OPTIONS:MIKEv1} -PLIST_SUB+= IKEv1="" -.else -CONFIGURE_ARGS+= --disable-ikev1 -PLIST_SUB+= IKEv1="@comment " -.endif - -.if ${PORT_OPTIONS:MLDAP} -USE_OPENLDAP= yes -CONFIGURE_ARGS+= --enable-ldap -PLIST_SUB+= LDAP="" -.else -PLIST_SUB+= LDAP="@comment " -.endif - -.if ${PORT_OPTIONS:MMYSQL} -CONFIGURE_ARGS+= --enable-mysql -USE_MYSQL= yes -PLIST_SUB+= MYSQL="" -.else -PLIST_SUB+= MYSQL="@comment " -.endif - -.if ${PORT_OPTIONS:MSQLITE} -CONFIGURE_ARGS+= --enable-sqlite -LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3 -PLIST_SUB+= SQLITE="" -.else -PLIST_SUB+= SQLITE="@comment " -.endif - .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE} CONFIGURE_ARGS+= --enable-attr-sql --enable-sql PLIST_SUB+= SQL="" 
@@ -121,11 +99,9 @@ PLIST_SUB+= SQL="" PLIST_SUB+= SQL="@comment " .endif -.include - -# Requires FreeBSD 8 and above to work -.if ${OSVERSION} < 800000 -IGNORE= requires at least FreeBSD 8.X -.endif +post-install: + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} + ${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR} + ${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR} -.include +.include Modified: head/security/strongswan/distinfo ============================================================================== --- head/security/strongswan/distinfo Mon Jan 27 13:35:10 2014 (r341404) +++ head/security/strongswan/distinfo Mon Jan 27 13:35:40 2014 (r341405) @@ -1,2 +1,2 @@ -SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2 -SIZE (strongswan-5.0.4.tar.bz2) = 3412930 +SHA256 (strongswan-5.1.1.tar.bz2) = fbf2a668221fc4a36a34bdeac2dfeda25b96f572d551df022585177953622406 +SIZE (strongswan-5.1.1.tar.bz2) = 3673200 Modified: head/security/strongswan/pkg-plist ============================================================================== --- head/security/strongswan/pkg-plist Mon Jan 27 13:35:10 2014 (r341404) +++ head/security/strongswan/pkg-plist Mon Jan 27 13:35:40 2014 (r341405) @@ -1,5 +1,3 @@ -etc/ipsec.conf -etc/strongswan.conf lib/ipsec/libcharon.a lib/ipsec/libcharon.la lib/ipsec/libcharon.so 
@@ -97,12 +95,18 @@ lib/ipsec/plugins/libstrongswan-pkcs7.so lib/ipsec/plugins/libstrongswan-pkcs8.a lib/ipsec/plugins/libstrongswan-pkcs8.la lib/ipsec/plugins/libstrongswan-pkcs8.so +lib/ipsec/plugins/libstrongswan-pkcs12.a +lib/ipsec/plugins/libstrongswan-pkcs12.la +lib/ipsec/plugins/libstrongswan-pkcs12.so lib/ipsec/plugins/libstrongswan-pubkey.a lib/ipsec/plugins/libstrongswan-pubkey.la lib/ipsec/plugins/libstrongswan-pubkey.so lib/ipsec/plugins/libstrongswan-random.a lib/ipsec/plugins/libstrongswan-random.la lib/ipsec/plugins/libstrongswan-random.so +lib/ipsec/plugins/libstrongswan-rc2.a +lib/ipsec/plugins/libstrongswan-rc2.la +lib/ipsec/plugins/libstrongswan-rc2.so lib/ipsec/plugins/libstrongswan-resolve.a lib/ipsec/plugins/libstrongswan-resolve.la lib/ipsec/plugins/libstrongswan-resolve.so @@ -118,6 +122,9 @@ lib/ipsec/plugins/libstrongswan-sha2.so lib/ipsec/plugins/libstrongswan-socket-default.a lib/ipsec/plugins/libstrongswan-socket-default.la lib/ipsec/plugins/libstrongswan-socket-default.so +lib/ipsec/plugins/libstrongswan-sshkey.a +lib/ipsec/plugins/libstrongswan-sshkey.la +lib/ipsec/plugins/libstrongswan-sshkey.so lib/ipsec/plugins/libstrongswan-stroke.a lib/ipsec/plugins/libstrongswan-stroke.la lib/ipsec/plugins/libstrongswan-stroke.so @@ -141,6 +148,13 @@ libexec/ipsec/starter libexec/ipsec/stroke libexec/ipsec/whitelist sbin/ipsec +sbin/charon-cmd +share/examples/strongswan/ipsec.conf +share/examples/strongswan/strongswan.conf +%%EAPRADIUS%%lib/ipsec/libradius.a +%%EAPRADIUS%%lib/ipsec/libradius.la +%%EAPRADIUS%%lib/ipsec/libradius.so +%%EAPRADIUS%%lib/ipsec/libradius.so.0 %%SIMAKA%%lib/ipsec/libsimaka.a %%SIMAKA%%lib/ipsec/libsimaka.la %%SIMAKA%%lib/ipsec/libsimaka.so 
@@ -154,6 +168,12 @@ sbin/ipsec %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.a %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.la %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.so +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.a +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.la +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.so +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.a +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.la +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.so %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.a %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.la %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.so @@ -166,6 +186,20 @@ sbin/ipsec %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.a +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.la +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.so +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.a +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.la +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.so +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.so.0 +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.a +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.la +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.so +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.a +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.la +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.so +%%LOADTESTER%%libexec/ipsec/load-tester %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so 
@@ -182,6 +216,16 @@ sbin/ipsec %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.a %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.la %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.a +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.a +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.la +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.so +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.a +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.la +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.so +@dirrm share/examples/strongswan @dirrm libexec/ipsec @dirrm lib/ipsec/plugins @dirrm lib/ipsec
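Review bot: in the Makefile options hunk (@@ -44,38 +44,47), IPSECKEY is not tied to a DNSSEC resolver. IPSECKEY_DESC says the resource records are authenticated with DNSSEC, and the only DNSSEC-enabled resolver the port offers is UNBOUND, yet IPSECKEY_CONFIGURE_ON passes only --enable-ipseckey and nothing stops a build with IPSECKEY on and UNBOUND off. Either make selecting IPSECKEY also select UNBOUND, or state the requirement in IPSECKEY_DESC so the option is not enabled without a validating resolver behind it.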
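Review bot: in the Makefile post-install target (hunk @@ -121,11 +99,9), strongswan.conf and ipsec.conf are moved to ${STAGEDIR}${EXAMPLESDIR}, while the commit log says the configuration files install to ${PREFIX}/etc/.conf.sample; one of the two should be corrected. The old pkg-plist listed etc/ipsec.conf and etc/strongswan.conf and the new one installs nothing under etc/, so an upgrade from 5.0.4 can leave the daemon without its configuration. A pkg-message or UPDATING entry telling administrators to copy the samples from share/examples/strongswan into place would cover that.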
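Review bot: in the distinfo hunk, the new SHA256 line is the only integrity check on strongswan-5.1.1.tar.bz2, because MASTER_SITES in the Makefile still point at http://download.strongswan.org/ and http://download2.strongswan.org/. For an update that the log ties to three CVEs, record in the log how the hash was checked against upstream (for example against the release signature), or move the fetch to an authenticated channel if upstream offers one.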
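Review bot: in the pkg-plist hunk @@ -141,6 +148,13, the sample files are listed with a hard-coded path (share/examples/strongswan/ipsec.conf and share/examples/strongswan/strongswan.conf) although the Makefile moves them to ${EXAMPLESDIR}. Use %%EXAMPLESDIR%%/ipsec.conf and %%EXAMPLESDIR%%/strongswan.conf here, and @dirrm %%EXAMPLESDIR%% in the final hunk, so the packing list follows the variable if the directory ever changes.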
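Review bot: in the last pkg-plist hunk (@@ -182,6 +216,16), the %%XAUTH%% entries cover only libstrongswan-xauth-eap, while XAUTH_CONFIGURE_ON in the Makefile passes both --enable-xauth-eap and --enable-xauth-generic and the libstrongswan-xauth-generic files remain under %%IKEv1%% in the context of hunk @@ -166,6 +186,20. Check the packing list for the two mixed cases (XAUTH on with IKEv1 off, and IKEv1 on with XAUTH off) and gate the xauth-generic files on the option that actually builds them.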