From owner-freebsd-bugs@FreeBSD.ORG Fri Jun 5 04:30:04 2009
Message-Id: <200906050429.n554TSoa032496@www.freebsd.org>
Date: Fri, 5 Jun 2009 04:29:28 GMT
From: Damian Gerow
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/135274: New port: security/openconnect
List-Id: Bug reports

>Number: 135274
>Category: misc
>Synopsis: New port: security/openconnect
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 05 04:30:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Damian Gerow
>Release: 8.0-CURRENT 800087
>Organization:
>Environment:
FreeBSD plebeian.afflictions.org 8.0-CURRENT FreeBSD 8.0-CURRENT #1: Tue May 19 21:10:28 EDT 2009 dgerow@plebeian.afflictions.org:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
A new port for OpenConnect, an open-source client for Cisco's AnyConnect SSL VPN. Very similar to vpnc. The only thing worth noting is the lack of DTLS support noted in pkg-message (and README.DTLS).
>How-To-Repeat:
>Fix:
See attached file

Patch attached with submission follows:

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	security/openconnect
#	security/openconnect/pkg-plist
#	security/openconnect/pkg-message
#	security/openconnect/pkg-descr
#	security/openconnect/Makefile
#	security/openconnect/distinfo
#
echo c - security/openconnect
mkdir -p security/openconnect > /dev/null 2>&1
echo x - security/openconnect/pkg-plist
sed 's/^X//' >security/openconnect/pkg-plist << '0685a92e1a8ecdffddd609a225763f6f'
Xbin/openconnect
X%%WITH_GUI%%libexec/nm-openconnect-auth-dialog
0685a92e1a8ecdffddd609a225763f6f
echo x - security/openconnect/pkg-message
sed 's/^X//' >security/openconnect/pkg-message << '216930bad5354752061aa706ed3cef97'
XCisco's implementation of the DTLS protocol unfortunately does not
Xcomply with the relevant standards.  OpenSSL must be patched to
Xprovide full compliance with their implementation, and due to the
Xolder release of OpenSSL in the FreeBSD base, there are additional
Xpatches that must be applied to achieve the same goal.  Though
XOpenConnect will still function, all traffic will be passed over
Xan HTTPS connection.  Should there be any packet loss on your
Xlink, your VPN connection will suffer greatly.
X
XMore information is included in README.DTLS.
216930bad5354752061aa706ed3cef97
echo x - security/openconnect/pkg-descr
sed 's/^X//' >security/openconnect/pkg-descr << '7bf82393a86585290984571f8fec4a99'
XOpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
Xsupported by IOS 12.4(9)T or later on Cisco SR500, 870, 880,
X1800, 2800, 3800, 7200 Series and Cisco 7301 Routers.
X
XLike vpnc, OpenConnect is not officially supported by, or
Xassociated in any way with, Cisco Systems.  It just happens to
Xinteroperate with their equipment.
X
XWWW: http://www.infradead.org/openconnect.html
7bf82393a86585290984571f8fec4a99
echo x - security/openconnect/Makefile
sed 's/^X//' >security/openconnect/Makefile << '0acce8dae2cc43ab31a5f34c9ca58fe3'
X# New ports collection makefile for:	openconnect
X# Date created:		03 June 2009
X# Whom:			Damian Gerow
X#
X# $FreeBSD$
X#
X
XPORTNAME=	openconnect
XPORTVERSION=	2.00
XCATEGORIES=	security
XMASTER_SITES=	ftp://ftp.infradead.org/pub/openconnect/ \
X		CRITICAL
X
XMAINTAINER=	dgerow@afflictions.org
XCOMMENT=	A client for Cisco\'s AnyConnect SSL VPN
X
XLIB_DEPENDS=	xml2.5:${PORTSDIR}/textproc/libxml2
X
XUSE_GMAKE=	yes
XMAKE_JOBS_SAFE=	yes
XUSE_OPENSSL=	yes
XOPENSSL=	${OPENSSLBASE}
X
XMAN8=		openconnect.8
XPORTDOCS=	README.*
X
X.include
X
XOPTIONS+=	GUI "Enable the OpenConnect configuration GUI" off
X
X.include
X
X.if !defined(WITHOUT_GUI)
XLIB_DEPENDS+=	gtk-x11-2.0.0:${PORTSDIR}/x11-toolkits/gtk20
XLIB_DEPENDS+=	gconf-2.4:${PORTSDIR}/devel/gconf2
XPLIST_SUB+=	WITH_GUI=""
X.else
XPLIST_SUB+=	WITH_GUI="@comment "
X.endif
X
Xdo-install:
X	${INSTALL_PROGRAM} -m 751 ${WRKSRC}/openconnect ${PREFIX}/bin/openconnect
X.if !defined(WITHOUT_GUI)
X	${INSTALL_PROGRAM} ${WRKSRC}/nm-openconnect-auth-dialog ${PREFIX}/libexec
X.endif
X	${INSTALL_MAN} ${WRKSRC}/${MAN8} ${MANPREFIX}/man/man8
X
Xpost-install:
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	${INSTALL_MAN} ${WRKSRC}/README.DTLS ${DOCSDIR}
X	${INSTALL_MAN} ${WRKSRC}/README.SecurID ${DOCSDIR}
X.endif
X
X.include
0acce8dae2cc43ab31a5f34c9ca58fe3
echo x - security/openconnect/distinfo
sed 's/^X//' >security/openconnect/distinfo << 'fc2faf3dbe131c1b5252978507b19c0f'
XMD5 (openconnect-2.00.tar.gz) = a51aa4b05d0cc14b1d1c35b8f57f04fa
XSHA256 (openconnect-2.00.tar.gz) = 6089ace2f290f52fd680f4ccd20b17c970ac4849ba7d03ded22903efb56c50bb
XSIZE (openconnect-2.00.tar.gz) = 59993
fc2faf3dbe131c1b5252978507b19c0f
exit

>Release-Note:
>Audit-Trail:
>Unformatted: