Date: Mon, 13 Nov 2006 18:29:00 +0000 (UTC) From: "Bjoern A.Zeeb" <bzeeb+freebsd+ports@zabbadoz.net> To: FreeBSD-gnats-submit@FreeBSD.org Cc: "Bjoern A.Zeeb" <bzeeb+freebsd+ports@zabbadoz.net> Subject: ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched Message-ID: <20061113182900.327B3444892@mail.int.zabbadoz.net> Resent-Message-ID: <200611131840.kADIeCSb038307@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 105488 >Category: ports >Synopsis: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Nov 13 18:40:12 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Bjoern A. Zeeb >Release: FreeBSD 7.0-CURRENT i386 >Organization: Zabbadoz.NeT >Environment: CURRENT that needs updating >Description: ipsec-tools has a make config option to enable NAT-T support or leave it disabled. To be able to compile in NAT-T support patched header files have to be installed to the system the port is build on. People enabling NAT-T support but not having installed the patched header files do not get NAT-T support and only a single line output from configure/autotools tells you about this so it is unlikely that anyone will ever notice. Usually people install ipsec-tools and wonder why NAT-T support is not working. We have already seen those problems on freebsd-net@ for example. >How-To-Repeat: turn on option NATT in make config compiling on an unpatched base system and look at the configure output or try to use the package with a patched kernel. There is no error message though you said "I want this to be on". >Fix: If NATT is enabled in make config tell gnu configure that we really want it and not only optionally want it so the port will fail to build if no patched header files are available. Index: Makefile =================================================================== RCS file: /local/mirror/FreeBSD/r/pcvs/ports/security/ipsec-tools/Makefile,v retrieving revision 1.13 diff -u -p -r1.13 Makefile --- Makefile 16 Jun 2006 16:02:54 -0000 1.13 +++ Makefile 13 Nov 2006 14:12:50 -0000 @@ -89,7 +89,7 @@ CONFIGURE_ARGS+= --disable-dpd .endif .ifdef(WITH_NATT) -CONFIGURE_ARGS+= --enable-natt=kernel +CONFIGURE_ARGS+= --enable-natt=yes .else CONFIGURE_ARGS+= --disable-natt .endif >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061113182900.327B3444892>