Date: Wed, 12 Feb 2014 10:06:49 -0200 From: Renato Botelho <garga@FreeBSD.org> To: Bernhard Froehlich <decke@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r341405 - head/security/strongswan Message-ID: <52FB63D9.10701@FreeBSD.org> In-Reply-To: <201401271335.s0RDZfTj022362@svn.freebsd.org> References: <201401271335.s0RDZfTj022362@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 27-01-2014 11:35, Bernhard Froehlich wrote: > Author: decke > Date: Mon Jan 27 13:35:40 2014 > New Revision: 341405 > URL: http://svnweb.freebsd.org/changeset/ports/341405 > QAT: https://qat.redports.org/buildarchive/r341405/ >=20 > Log: > - Update to 5.1.1 > - Added EAP dynamic proxy module > - Added EAP Radius proxy authentication > - Added DNSSEC/unbound support > - Added kernel libipsec plugin > - Changed configuration files to install to ${PREFIX}/etc/<filename>.= conf.sample > - Convert to new options format > =20 > PR: ports/185535 > Submitted by: Francois ten Krooden <strongswan@nanoteq.com> (maintain= er) > Security: CVE-2013-5018 > Security: CVE-2013-6075 > Security: CVE-2013-6076 >=20 > Modified: > head/security/strongswan/Makefile > head/security/strongswan/distinfo > head/security/strongswan/pkg-plist >=20 > Modified: head/security/strongswan/Makefile > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/security/strongswan/Makefile Mon Jan 27 13:35:10 2014 (r341404= ) > +++ head/security/strongswan/Makefile Mon Jan 27 13:35:40 2014 (r341405= ) > @@ -2,8 +2,7 @@ > # $FreeBSD$ > =20 > PORTNAME=3D strongswan > -PORTVERSION=3D 5.0.4 > -PORTREVISION=3D 1 > +PORTVERSION=3D 5.1.1 > CATEGORIES=3D security > MASTER_SITES=3D http://download.strongswan.org/ \ > http://download2.strongswan.org/ > @@ -37,6 +36,7 @@ CONFIGURE_ARGS=3D --enable-kernel-pfkey \ > --enable-blowfish \ > --enable-addrblock \ > --enable-whitelist \ > + --enable-cmd \ > --with-group=3Dwheel \ > --with-lib-prefix=3D${PREFIX} > =20 > @@ -44,38 +44,47 @@ CONFIGURE_ARGS=3D --enable-kernel-pfkey \ > MAN5=3D ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 > MAN8=3D ipsec.8 _updown.8 _updown_espmark.8 > =20 > -OPTIONS_DEFINE=3D CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE > +OPTIONS_DEFINE=3D CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKE= v1 \ > + IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \ > + TESTVECTOR UNBOUND XAUTH > +OPTIONS_SUB=3D ${OPTIONS_DEFINE} > CURL_DESC=3D Enable CURL to fetch CRL/OCSP > EAPAKA3GPP2_DESC=3D Enable EAP AKA with 3gpp2 backend > +EAPDYNAMIC_DESC=3D Enable EAP dynamic proxy module > +EAPRADIUS_DESC=3D Enable EAP Radius proxy authentication > EAPSIMFILE_DESC=3D Enable EAP SIM with file backend > -IKEv1_DESC=3D Enable IKEv1 support (Experimental) > - > -NO_STAGE=3D yes > -.include <bsd.port.options.mk> > +IKEv1_DESC=3D Enable IKEv1 support > +IPSECKEY_DESC=3D Enable authentication with IPSECKEY resource records = with DNSSEC > +KERNELLIBIPSEC_DESC=3D Enable IPSec userland backend > +LOADTESTER_DESC=3D Enable load testing plugin > +TESTVECTOR_DESC=3D Enable crypto test vectors > +UNBOUND_DESC=3D Enable DNSSEC-enabled resolver > +XAUTH_DESC=3D Enable XAuth password verification > =20 > # Extra options > -.if ${PORT_OPTIONS:MCURL} > -CONFIGURE_ARGS+=3D --enable-curl > -LIB_DEPENDS+=3D curl:${PORTSDIR}/ftp/curl > -PLIST_SUB+=3D CURL=3D"" > -.else > -PLIST_SUB+=3D CURL=3D"@comment " > -.endif > - > -.if ${PORT_OPTIONS:MEAPSIMFILE} > -CONFIGURE_ARGS+=3D --enable-eap-sim --enable-eap-sim-file > -PLIST_SUB+=3D EAPSIMFILE=3D"" > -.else > -PLIST_SUB+=3D EAPSIMFILE=3D"@comment " > -.endif > +CURL_CONFIGURE_ON=3D --enable-curl > +CURL_LIB_DEPENDS=3D curl:${PORTSDIR}/ftp/curl > +EAPAKA3GPP2_CONFIGURE_ON=3D --enable-eap-aka --enable-eap-aka-3gpp2 > +EAPAKA3GPP2_LIB_DEPENDS=3Dgmp:${PORTSDIR}/math/gmp > +EAPDYNAMIC_CONFIGURE_ON=3D--enable-eap-dynamic > +EAPRADIUS_CONFIGURE_ON=3D --enable-eap-radius > +EAPSIMFILE_CONFIGURE_ON=3D--enable-eap-sim --enable-eap-sim-file > +IKEv1_CONFIGURE_OFF=3D --disable-ikev1 > +IPSECKEY_CONFIGURE_ON=3D --enable-ipseckey > +KERNELLIBIPSEC_CONFIGURE_ON=3D --enable-kernel-libipsec > +LOADTESTER_CONFIGURE_ON=3D--enable-load-tester > +LDAP_CONFIGURE_ON=3D --enable-ldap > +LDAP_USE=3D USE_OPENLDAP=3Dyes > +MYSQL_CONFIGURE_ON=3D --enable-mysql > +MYSQL_USE=3D USE_MYSQL=3Dyes > +SQLITE_CONFIGURE_ON=3D --enable-sqlite > +SQLITE_LIB_DEPENDS=3D sqlite3:${PORTSDIR}/databases/sqlite3 > +TESTVECTOR_CONFIGURE_ON=3D--enable-test-vectors > +UNBOUND_CONFIGURE_ON=3D --enable-unbound > +UNBOUND_LIB_DEPENDS=3D unbound:${PORTSDIR}/dns/unbound > +XAUTH_CONFIGURE_ON=3D --enable-xauth-eap --enable-xauth-generic > =20 > -.if ${PORT_OPTIONS:MEAPAKA3GPP2} > -CONFIGURE_ARGS+=3D --enable-eap-aka --enable-eap-aka-3gpp2 > -LIB_DEPENDS+=3D gmp:${PORTSDIR}/math/gmp > -PLIST_SUB+=3D EAPAKA3GPP2=3D"" > -.else > -PLIST_SUB+=3D EAPAKA3GPP2=3D"@comment " > -.endif > +.include <bsd.port.options.mk> > =20 > .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2} > PLIST_SUB+=3DSIMAKA=3D"" > @@ -83,37 +92,6 @@ PLIST_SUB+=3DSIMAKA=3D"" > PLIST_SUB+=3DSIMAKA=3D"@comment " > .endif > =20 > -.if ${PORT_OPTIONS:MIKEv1} > -PLIST_SUB+=3D IKEv1=3D"" > -.else > -CONFIGURE_ARGS+=3D --disable-ikev1 > -PLIST_SUB+=3D IKEv1=3D"@comment " > -.endif > - > -.if ${PORT_OPTIONS:MLDAP} > -USE_OPENLDAP=3D yes > -CONFIGURE_ARGS+=3D --enable-ldap > -PLIST_SUB+=3D LDAP=3D"" > -.else > -PLIST_SUB+=3D LDAP=3D"@comment " > -.endif > - > -.if ${PORT_OPTIONS:MMYSQL} > -CONFIGURE_ARGS+=3D --enable-mysql > -USE_MYSQL=3D yes > -PLIST_SUB+=3D MYSQL=3D"" > -.else > -PLIST_SUB+=3D MYSQL=3D"@comment " > -.endif > - > -.if ${PORT_OPTIONS:MSQLITE} > -CONFIGURE_ARGS+=3D --enable-sqlite > -LIB_DEPENDS+=3D sqlite3:${PORTSDIR}/databases/sqlite3 > -PLIST_SUB+=3D SQLITE=3D"" > -.else > -PLIST_SUB+=3D SQLITE=3D"@comment " > -.endif > - > .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE} > CONFIGURE_ARGS+=3D --enable-attr-sql --enable-sql > PLIST_SUB+=3D SQL=3D"" > @@ -121,11 +99,9 @@ PLIST_SUB+=3D SQL=3D"" > PLIST_SUB+=3D SQL=3D"@comment " > .endif > =20 > -.include <bsd.port.pre.mk> > - > -# Requires FreeBSD 8 and above to work > -.if ${OSVERSION} < 800000 > -IGNORE=3D requires at least FreeBSD 8.X > -.endif > +post-install: > + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} > + ${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESD= IR} > + ${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR} Just one more thing that I noted, it would be better to use ${INSTALL_DATA} here instead of ${MV} --=20 Renato Botelho <garga @ FreeBSD.org> <garga.bsd @ gmail.com> GnuPG Key: http://www.FreeBSD.org/~garga/pubkey.asc --xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCgAGBQJS+2PZAAoJEPHw56GfYleQ2XMP/jcchBqldxxbZ65OL/CAIxdG /PnoOf9+Vj0z38fc9CmTGqXxs2LmAVTw77HMcKJk/7mnAbFlfvyUViFp1d+Fpe15 cmJ8LpqEqPM4Pt/VTcvmKPJbEhzxIK0iwfyJmjaGvT2lI5DiBzNnY2BOVvwxWB/+ ti8Ax4JDUNE0cTVkk8ew06FvRttFtgS3KsPPmCmdt4oHt6Mr0Oy1riREFNSOjRe4 yNTI0E6yt4fhBHVanfMECJ4nU3YpbfgUYP/b1V+MTOB0vDI6pIibBFKUY1CGCGPS IzlZwIvvgbkISMWOnrR880KAs+mYbTJ+QZVHVn0UKpZe73YDDwXrhemrZeow5zhb yXEaIZcgiy2uxMXFn/dhJ9pU/pOswjp+ZzgdBVwacO/oEJr18ufttQzAKsnugJoc QCpFqouhlKc6xB6MnGXmsDlMig+BWmj9vw8t5M/rFBiJIM0SZPggV06T9iNp5rIZ o6/7krBVI2WSJWa3Tn+s+GEaSkHb6BxggqOC+O0eU3zw3JhJi8VQw7O51q43GVOI VnWfW+HTt1ESyAsqGWot++W5LJ8Fqmz5Npj5uyeIdIKWILJYAQbhbeV+3QwFjkLf Dk0EOdXYCRTp2c1lsGeX+Fuom08pB/pXZ1mFVzGoBm0+MIoP6+esEdTwEMQ/zRnd wRRdXZnLUmUDJzGse1wE =/czY -----END PGP SIGNATURE----- --xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52FB63D9.10701>