From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Jun 3 12:40:03 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D1DA910656C7 for ; Thu, 3 Jun 2010 12:40:03 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (unknown [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 93F698FC1C for ; Thu, 3 Jun 2010 12:40:03 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id o53Ce366015753 for ; Thu, 3 Jun 2010 12:40:03 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id o53Ce3xs015752; Thu, 3 Jun 2010 12:40:03 GMT (envelope-from gnats) Resent-Date: Thu, 3 Jun 2010 12:40:03 GMT Resent-Message-Id: <201006031240.o53Ce3xs015752@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Riaan Kruger Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C84D9106564A for ; Thu, 3 Jun 2010 12:31:05 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id B6C338FC1C for ; Thu, 3 Jun 2010 12:31:05 +0000 (UTC) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.3/8.14.3) with ESMTP id o53CV5kd050109 for ; Thu, 3 Jun 2010 12:31:05 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.3/8.14.3/Submit) id o53CV5S4050108; Thu, 3 Jun 2010 12:31:05 GMT (envelope-from nobody) Message-Id: <201006031231.o53CV5S4050108@www.freebsd.org> Date: Thu, 3 Jun 2010 12:31:05 GMT From: Riaan Kruger To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/147431: [NEW PORT] security/strongswan - Open Source IPsec-based VPN solution X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jun 2010 12:40:03 -0000 >Number: 147431 >Category: ports >Synopsis: [NEW PORT] security/strongswan - Open Source IPsec-based VPN solution >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Jun 03 12:40:03 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Riaan Kruger >Release: FreeBSD 8.0-RELEASE-p2 >Organization: >Environment: FreeBSD hostname 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #0: Tue Jan 5 16:02:27 UTC 2010 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386 >Description: Strongswan is an open source IPsec-based VPN solution. WWW: http://www.strongswan.org >How-To-Repeat: >Fix: Patch attached with submission follows: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # /usr/ports/security/strongswan/ # /usr/ports/security/strongswan/files # /usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c # /usr/ports/security/strongswan/distinfo # /usr/ports/security/strongswan/pkg-descr # /usr/ports/security/strongswan/pkg-plist # /usr/ports/security/strongswan/Makefile # echo c - /usr/ports/security/strongswan/ mkdir -p /usr/ports/security/strongswan/ > /dev/null 2>&1 echo c - /usr/ports/security/strongswan/files mkdir -p /usr/ports/security/strongswan/files > /dev/null 2>&1 echo x - /usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c sed 's/^X//' >/usr/ports/security/strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c << 'd746b2299214dda4208929a3abd0e063' Xdiff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c X--- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-03-19 17:56:54.000000000 +0200 X+++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-05-28 15:58:12.000000000 +0200 X@@ -600,17 +600,43 @@ X } X X /** X- * add a host behind a sadb_address extension X+ * Copy a host_t as sockaddr_t to the given memory location. Ports are X+ * reset to zero as per RFC 2367. X+ * @returns the number of bytes copied X */ X-static void host2ext(host_t *host, struct sadb_address *ext) X+static size_t hostcpy(void *dest, host_t *host) X { X- sockaddr_t *host_addr = host->get_sockaddr(host); X+ sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest; X socklen_t *len = host->get_sockaddr_len(host); X+ memcpy(dest, addr, *len); X #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN X- host_addr->sa_len = *len; X+ dest_addr->sa_len = *len; X #endif X- memcpy((char*)(ext + 1), host_addr, *len); X- ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len); X+ switch (dest_addr->sa_family) X+ { X+ case AF_INET: X+ { X+ struct sockaddr_in *sin = dest; X+ sin->sin_port = 0; X+ break; X+ } X+ case AF_INET6: X+ { X+ struct sockaddr_in6 *sin6 = dest; X+ sin6->sin6_port = 0; X+ break; X+ } X+ } X+ return *len; X+} X+ X+/** X+ * add a host behind an sadb_address extension X+ */ X+static void host2ext(host_t *host, struct sadb_address *ext) X+{ X+ size_t len = hostcpy(ext + 1, host); X+ ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len); X } X X /** X@@ -1019,6 +1045,7 @@ X } X #endif /*SADB_X_MIGRATE*/ X X+#ifndef __FreeBSD__ X #ifdef HAVE_NATT X /** X * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel X@@ -1076,6 +1103,7 @@ X } X } X #endif /*HAVE_NATT*/ X+#endif /*__FreeBSD__*/ X X /** X * Receives events from kernel X@@ -1137,11 +1165,13 @@ X process_migrate(this, msg); X break; X #endif /*SADB_X_MIGRATE*/ X+#ifndef __FreeBSD__ X #ifdef HAVE_NATT X case SADB_X_NAT_T_NEW_MAPPING: X process_mapping(this, msg); X break; X #endif /*HAVE_NATT*/ X+#endif /*__FreeBSD__*/ X default: X break; X } X@@ -1679,14 +1709,10 @@ X req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; X if (mode == MODE_TUNNEL) X { X- sockaddr_t *sa; X- socklen_t sl; X- sa = src->get_sockaddr(src); X- sl = *src->get_sockaddr_len(src); X- memcpy(req + 1, sa, sl); X- sa = dst->get_sockaddr(dst); X- memcpy((u_int8_t*)(req + 1) + sl, sa, sl); X- req->sadb_x_ipsecrequest_len += sl * 2; X+ len = hostcpy(req + 1, src); X+ req->sadb_x_ipsecrequest_len += len; X+ len = hostcpy((char*)(req + 1) + len, dst); X+ req->sadb_x_ipsecrequest_len += len; X } X X pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); d746b2299214dda4208929a3abd0e063 echo x - /usr/ports/security/strongswan/distinfo sed 's/^X//' >/usr/ports/security/strongswan/distinfo << '9127200bde3fcbe921232c9becde9a0a' XMD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed XSHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718 XSIZE (strongswan-4.4.0.tar.bz2) = 2863754 9127200bde3fcbe921232c9becde9a0a echo x - /usr/ports/security/strongswan/pkg-descr sed 's/^X//' >/usr/ports/security/strongswan/pkg-descr << '229658a306df519cf515176f3b9a6e48' XStrongswan is an open source IPsec-based VPN solution. X XWWW: http://www.strongswan.org 229658a306df519cf515176f3b9a6e48 echo x - /usr/ports/security/strongswan/pkg-plist sed 's/^X//' >/usr/ports/security/strongswan/pkg-plist << 'b13d9de1e2dd08108c3b33a7aaa4329a' Xetc/ipsec.conf X%%ETCDIR%%.conf Xlib/libcharon.a Xlib/libcharon.la Xlib/libcharon.so Xlib/libcharon.so.0 Xlib/libhydra.a Xlib/libhydra.la Xlib/libhydra.so Xlib/libhydra.so.0 Xlib/libstrongswan.a Xlib/libstrongswan.la Xlib/libstrongswan.so Xlib/libstrongswan.so.0 Xlibexec/ipsec/_copyright Xlibexec/ipsec/_updown Xlibexec/ipsec/_updown_espmark Xlibexec/ipsec/charon Xlibexec/ipsec/plugins/libstrongswan-aes.a Xlibexec/ipsec/plugins/libstrongswan-aes.la Xlibexec/ipsec/plugins/libstrongswan-aes.so Xlibexec/ipsec/plugins/libstrongswan-attr.a Xlibexec/ipsec/plugins/libstrongswan-attr.la Xlibexec/ipsec/plugins/libstrongswan-attr.so Xlibexec/ipsec/plugins/libstrongswan-des.a Xlibexec/ipsec/plugins/libstrongswan-des.la Xlibexec/ipsec/plugins/libstrongswan-des.so Xlibexec/ipsec/plugins/libstrongswan-dnskey.a Xlibexec/ipsec/plugins/libstrongswan-dnskey.la Xlibexec/ipsec/plugins/libstrongswan-dnskey.so Xlibexec/ipsec/plugins/libstrongswan-fips-prf.a Xlibexec/ipsec/plugins/libstrongswan-fips-prf.la Xlibexec/ipsec/plugins/libstrongswan-fips-prf.so Xlibexec/ipsec/plugins/libstrongswan-gmp.a Xlibexec/ipsec/plugins/libstrongswan-gmp.la Xlibexec/ipsec/plugins/libstrongswan-gmp.so Xlibexec/ipsec/plugins/libstrongswan-hmac.a Xlibexec/ipsec/plugins/libstrongswan-hmac.la Xlibexec/ipsec/plugins/libstrongswan-hmac.so Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.a Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.la Xlibexec/ipsec/plugins/libstrongswan-kernel-pfkey.so Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.a Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.la Xlibexec/ipsec/plugins/libstrongswan-kernel-pfroute.so Xlibexec/ipsec/plugins/libstrongswan-md5.a Xlibexec/ipsec/plugins/libstrongswan-md5.la Xlibexec/ipsec/plugins/libstrongswan-md5.so Xlibexec/ipsec/plugins/libstrongswan-pem.a Xlibexec/ipsec/plugins/libstrongswan-pem.la Xlibexec/ipsec/plugins/libstrongswan-pem.so Xlibexec/ipsec/plugins/libstrongswan-pgp.a Xlibexec/ipsec/plugins/libstrongswan-pgp.la Xlibexec/ipsec/plugins/libstrongswan-pgp.so Xlibexec/ipsec/plugins/libstrongswan-pkcs1.a Xlibexec/ipsec/plugins/libstrongswan-pkcs1.la Xlibexec/ipsec/plugins/libstrongswan-pkcs1.so Xlibexec/ipsec/plugins/libstrongswan-pubkey.a Xlibexec/ipsec/plugins/libstrongswan-pubkey.la Xlibexec/ipsec/plugins/libstrongswan-pubkey.so Xlibexec/ipsec/plugins/libstrongswan-random.a Xlibexec/ipsec/plugins/libstrongswan-random.la Xlibexec/ipsec/plugins/libstrongswan-random.so Xlibexec/ipsec/plugins/libstrongswan-resolve.a Xlibexec/ipsec/plugins/libstrongswan-resolve.la Xlibexec/ipsec/plugins/libstrongswan-resolve.so Xlibexec/ipsec/plugins/libstrongswan-sha1.a Xlibexec/ipsec/plugins/libstrongswan-sha1.la Xlibexec/ipsec/plugins/libstrongswan-sha1.so Xlibexec/ipsec/plugins/libstrongswan-sha2.a Xlibexec/ipsec/plugins/libstrongswan-sha2.la Xlibexec/ipsec/plugins/libstrongswan-sha2.so Xlibexec/ipsec/plugins/libstrongswan-socket-default.a Xlibexec/ipsec/plugins/libstrongswan-socket-default.la Xlibexec/ipsec/plugins/libstrongswan-socket-default.so Xlibexec/ipsec/plugins/libstrongswan-stroke.a Xlibexec/ipsec/plugins/libstrongswan-stroke.la Xlibexec/ipsec/plugins/libstrongswan-stroke.so Xlibexec/ipsec/plugins/libstrongswan-updown.a Xlibexec/ipsec/plugins/libstrongswan-updown.la Xlibexec/ipsec/plugins/libstrongswan-updown.so Xlibexec/ipsec/plugins/libstrongswan-x509.a Xlibexec/ipsec/plugins/libstrongswan-x509.la Xlibexec/ipsec/plugins/libstrongswan-x509.so Xlibexec/ipsec/plugins/libstrongswan-xcbc.a Xlibexec/ipsec/plugins/libstrongswan-xcbc.la Xlibexec/ipsec/plugins/libstrongswan-xcbc.so Xlibexec/ipsec/starter Xlibexec/ipsec/stroke Xsbin/ipsec X@dirrm libexec/ipsec/plugins X@dirrm libexec/ipsec X@dirrm etc/ipsec.d/reqs X@dirrm etc/ipsec.d/private X@dirrm etc/ipsec.d/ocspcerts X@dirrm etc/ipsec.d/crls X@dirrm etc/ipsec.d/certs X@dirrm etc/ipsec.d/cacerts X@dirrm etc/ipsec.d/acerts X@dirrm etc/ipsec.d/aacerts X@dirrm etc/ipsec.d X@exec mkdir -p %D/etc/ipsec.d/reqs X@exec mkdir -p %D/etc/ipsec.d/private X@exec mkdir -p %D/etc/ipsec.d/ocspcerts X@exec mkdir -p %D/etc/ipsec.d/crls X@exec mkdir -p %D/etc/ipsec.d/certs X@exec mkdir -p %D/etc/ipsec.d/cacerts X@exec mkdir -p %D/etc/ipsec.d/acerts X@exec mkdir -p %D/etc/ipsec.d/aacerts b13d9de1e2dd08108c3b33a7aaa4329a echo x - /usr/ports/security/strongswan/Makefile sed 's/^X//' >/usr/ports/security/strongswan/Makefile << 'c9ffd13c0567760030aa133e15a5f480' X# New ports collection makefile for: strongswan X# Date created: 30 May 2010 X# Whom: riaank X# $FreeBSD$ X X# TODO: X# 1. At present there should be no CONFLICTS because this is the first version of the strongswan port. But in future this should be filled in. X# 2. The port needs the standard startup scripts. X# 3. The port needs some documentation on which parts/functinalities of Strongswan is supported on FreeBSD; this might be outside the scope of the port X# 4. Currently the port requires a minimum version of FreeBSD 8 and this should be set somehow in this Makefile. X# 5. The PORTDOCS section/values need to be defined. X XPORTNAME= strongswan XPORTVERSION= 4.4.0 XCATEGORIES= security XMASTER_SITES= http://download.strongswan.org/ \ X http://download2.strongswan.org/ X XMAINTAINER= riaank@gmail.com X XCOMMENT= Open Source IPSec-based VPN solution. X XLIB_DEPENDS+= vstr:${PORTSDIR}/devel/vstr XLIB_DEPENDS+= gmp.8:${PORTSDIR}/math/libgmp4 X XUSE_BZIP2= yes X XUSE_AUTOTOOLS= libtool:22 XGNU_CONFIGURE= yes XUSE_LDCONFIG= yes XCONFIGURE_ARGS= -enable-kernel-pfkey \ X --enable-kernel-pfroute \ X --disable-kernel-netlink \ X --enable-vstr \ X --disable-tools \ X --disable-scripts \ X --disable-pluto \ X --with-group=wheel \ X --with-lib-prefix=${PREFIX} X XMAN5= ipsec.conf.5 XMAN8= ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8 X X.include c9ffd13c0567760030aa133e15a5f480 exit >Release-Note: >Audit-Trail: >Unformatted: