From owner-freebsd-ports@FreeBSD.ORG Thu Jun 14 06:05:08 2012
Date: Thu, 14 Jun 2012 02:05:03 -0400
From: Jason Hellenthal
To: David Woodhouse
Cc: ports@freebsd.org
Subject: Patches for Review (security/vpnc)
Message-ID: <20120614060503.GA5752@DataIX.net>
List-Id: Porting software to FreeBSD

David,

Could you take a look over the following attached patches and comments and make a consideration on these?

Thanks.

-- 
- (2^(N-1))

[attachment: vpnc-script-patchset.diff]

------------------------------------------------------------------------
r2 | jh | 2012-06-14 01:14:16 -0400 (Thu, 14 Jun 2012) | 4 lines

ASCII'fy the copyrights section.

less(1) and other tools see it as binary.

Index: vpnc-script
===================================================================
--- vpnc-script	(revision 1)
+++ vpnc-script	(revision 2)
@@ -1,8 +1,8 @@
 #!/bin/sh
 #
 # Originally part of vpnc source code:
-# © 2005-2012 Maurice Massar, Jörg Mayer, Antonio Borneo et al.
-# © 2009-2012 David Woodhouse
+# (c) 2005-2012 Maurice Massar, Jörg Mayer, Antonio Borneo et al.
+# (c) 2009-2012 David Woodhouse
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
------------------------------------------------------------------------
r3 | jh | 2012-06-14 01:25:31 -0400 (Thu, 14 Jun 2012) | 13 lines

Adjust checking for if_tun to use kldstat(8) in place of /dev/tun

/dev/tun is legacy usage and should be discouraged from further use.

When sysctl net.link.tun.devfs_cloning=0 there is no /dev/tun device
to probe.

kldstat(8) and the current flags (-qm) for FreeBSD reach back to 7.X
and possibly further, so invoke them.

While here kldload if_tun.ko quietly (-q)

See if_tun(4), kldstat(8), kldload(8)

Index: vpnc-script
===================================================================
--- vpnc-script	(revision 2)
+++ vpnc-script	(revision 3)
@@ -593,12 +593,12 @@
 		fi
 	fi
 elif [ "$OS" = "FreeBSD" ]; then
-	if [ ! -e /dev/tun ]; then
-		kldload if_tun
+	if ! kldstat -qm if_tun; then
+		kldload -q if_tun
 	fi
 elif [ "$OS" = "GNU/kFreeBSD" ]; then
-	if [ ! -e /dev/tun ]; then
-		kldload if_tun
+	if ! kldstat -qm if_tun; then
+		kldload -q if_tun
 	fi
 elif [ "$OS" = "NetBSD" ]; then
 	:
------------------------------------------------------------------------
r4 | jh | 2012-06-14 01:42:30 -0400 (Thu, 14 Jun 2012) | 11 lines

Interface creation and deletion should be handled directly by vpnc and
return status should be handed back over to the script for negotiation.

For now comment out the implicit tunnel deletion function until it can
be reworked.

Things to consider are possible legacy use cases net.link.tun.devfs_cloning
but should not be depended on.

Index: vpnc-script
===================================================================
--- vpnc-script	(revision 3)
+++ vpnc-script	(revision 4)
@@ -712,7 +712,7 @@
 	if [ -n "$INTERNAL_IP4_DNS" ]; then
 		$RESTORERESOLVCONF
 	fi
-	destroy_tun_device
+	#destroy_tun_device
 }
 
 #### Main
------------------------------------------------------------------------
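Review bot: the r2 hunk does not reach the ASCII-only state its log message describes: the two `+` lines swap © for `(c)` but still carry the non-ASCII `ö` in `Jörg Mayer`, so any tool that declares the file binary on seeing a byte above 0x7f will keep doing so. Either transliterate that name as well (`Joerg Mayer`, with the author's agreement) or narrow the log message to "replace the copyright sign"; it is also worth confirming whether less(1) was really tripped by the bytes or by a charset setting (LESSCHARSET/locale), since that decides whether this edit fixes the reported symptom at all.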
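Review bot: in the r3 hunk both the FreeBSD and GNU/kFreeBSD arms run `kldload -q if_tun` and ignore its exit status, so when the load fails (module not available, insufficient privilege) the script carries on with `-q` having suppressed the only diagnostic, and the failure surfaces later when the tun device is opened, far from the cause. Suggest `kldload -q if_tun || exit 1`, or re-running `kldstat -qm if_tun` after the load and bailing out if it still fails, so the error is reported here. Since the two arms are now byte-for-byte identical, they could also be merged into one `elif [ "$OS" = "FreeBSD" ] || [ "$OS" = "GNU/kFreeBSD" ]; then` branch.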
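Review bot: the r4 hunk comments out `destroy_tun_device` in a function that is not guarded by `$OS` (the same block runs `$RESTORERESOLVCONF`), so unless `destroy_tun_device` is already a no-op elsewhere, which the patch does not show, every platform this script serves stops tearing down its tun interface on disconnect, while the log message only motivates the change for FreeBSD and `net.link.tun.devfs_cloning`. Until vpnc handles interface deletion itself, guard the call rather than disabling it, e.g. `[ "$OS" = "FreeBSD" ] || destroy_tun_device`, and replace the commented-out line with a short `# TODO:` note pointing at the planned rework; otherwise stale tun interfaces accumulate across reconnects.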
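The r3 log message describes replacing the `/dev/tun` probe with a `kldstat -qm` check followed by `kldload -q`. The following is an added example, not code from vpnc or vpnc-script, of how that check looks when the load result is actually verified instead of silenced. It assumes FreeBSD semantics for the two tools as named in the patch (`kldstat -qm NAME` exits 0 only when NAME is registered, `kldload -q NAME` exits 0 only when the load succeeded); the `KLDSTAT`/`KLDLOAD` override variables and the `ensure_kmod` function name are this example's own, so the logic can be exercised on a host without those tools.

```shell
#!/bin/sh
# Added example, not part of vpnc-script: make sure a kernel module is
# registered before relying on it, checking kldstat(8)/kldload(8) exit
# status rather than probing /dev/tun, and treating a failed load as an
# error instead of continuing silently.
#
# Assumptions (FreeBSD semantics, as used by the r3 patch):
#   "kldstat -qm NAME"  exits 0 iff NAME is registered (loaded or built in)
#   "kldload -q NAME"   exits 0 iff the load succeeded
# KLDSTAT/KLDLOAD may be overridden (e.g. with shell functions) so the
# control flow can be tested where those tools do not exist.

: "${KLDSTAT:=kldstat}"
: "${KLDLOAD:=kldload}"

# ensure_kmod NAME -> 0 if NAME is registered (or was just loaded), 1 otherwise.
ensure_kmod() {
    _mod=$1
    if "$KLDSTAT" -qm "$_mod"; then
        return 0                        # already loaded, or compiled in
    fi
    if ! "$KLDLOAD" -q "$_mod"; then
        echo "ensure_kmod: kldload $_mod failed" >&2
        return 1
    fi
    # Re-probe instead of trusting the loader's exit status alone: the
    # name we asked for must now actually be registered.
    if ! "$KLDSTAT" -qm "$_mod"; then
        echo "ensure_kmod: $_mod still not registered after kldload" >&2
        return 1
    fi
    return 0
}

# Stand-alone use:  sh ensure_kmod.sh if_tun   (non-zero exit on failure)
if [ "$#" -gt 0 ]; then
    ensure_kmod "$1" || exit 1
fi
```

In the vpnc-script FreeBSD branch this would be called as `ensure_kmod if_tun || exit 1`, so a missing or unloadable module stops the connection attempt at the point of failure rather than at the later device open.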