From owner-freebsd-ports-bugs@FreeBSD.ORG Fri Apr 29 08:00:19 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 303A71065670 for ; Fri, 29 Apr 2011 08:00:19 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E6FF68FC15 for ; Fri, 29 Apr 2011 08:00:18 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p3T80ICu062671 for ; Fri, 29 Apr 2011 08:00:18 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p3T80Irp062667; Fri, 29 Apr 2011 08:00:18 GMT (envelope-from gnats) Resent-Date: Fri, 29 Apr 2011 08:00:18 GMT Resent-Message-Id: <201104290800.p3T80Irp062667@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Riaan Kruger Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D17B5106566B for ; Fri, 29 Apr 2011 07:53:22 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id BFEAC8FC12 for ; Fri, 29 Apr 2011 07:53:22 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.4/8.14.4) with ESMTP id p3T7rMLd066907 for ; Fri, 29 Apr 2011 07:53:22 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.4/8.14.4/Submit) id p3T7rMgf066899; Fri, 29 Apr 2011 07:53:22 GMT (envelope-from nobody) Message-Id: <201104290753.p3T7rMgf066899@red.freebsd.org> Date: Fri, 29 Apr 2011 07:53:22 GMT From: Riaan Kruger To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/156711: [maintainer update] Update security/strongswan X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Apr 2011 08:00:19 -0000 >Number: 156711 >Category: ports >Synopsis: [maintainer update] Update security/strongswan >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Apr 29 08:00:18 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Riaan Kruger >Release: 8.2 >Organization: >Environment: >Description: Update secuirty/strongswan port from 4.4.0 to 4.5.1 >How-To-Repeat: >Fix: Patch attached with submission follows: diff -ruN strongswan.bak/Makefile strongswan/Makefile --- strongswan.bak/Makefile 2010-12-04 09:33:31.000000000 +0200 +++ strongswan/Makefile 2011-04-18 13:39:52.668276991 +0200 @@ -5,7 +5,7 @@ # $FreeBSD: ports/security/strongswan/Makefile,v 1.2 2010/12/04 07:33:31 ade Exp $ PORTNAME= strongswan -PORTVERSION= 4.4.0 +PORTVERSION= 4.5.1 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ @@ -14,7 +14,7 @@ COMMENT= Open Source IPSec-based VPN solution LIB_DEPENDS= vstr:${PORTSDIR}/devel/vstr \ - gmp.10:${PORTSDIR}/math/gmp + gmp.10:${PORTSDIR}/math/gmp USE_BZIP2= yes @@ -24,24 +24,25 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \ --enable-kernel-pfroute \ --disable-kernel-netlink \ - --enable-vstr \ --disable-tools \ --disable-scripts \ --disable-pluto \ --with-group=wheel \ + --enable-gmp \ + --enable-vstr \ --with-lib-prefix=${PREFIX} -MAN3= anyaddr.3 atoaddr.3 atoasr.3 atosa.3 atoul.3 goodmask.3 \ - initaddr.3 initsubnet.3 keyblobtoid.3 portof.3 prng.3 \ - rangetosubnet.3 sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \ +MAN3= anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 \ + initaddr.3 initsubnet.3 portof.3 rangetosubnet.3 \ + sameaddr.3 subnetof.3 ttoaddr.3 ttodata.3 \ ttosa.3 ttoul.3 -MAN5= ipsec.conf.5 -MAN8= ipsec.8 starter.8 _copyright.8 _updown.8 _updown_espmark.8 +MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 +MAN8= ipsec.8 _updown.8 _updown_espmark.8 .include .if ${OSVERSION} < 800000 -IGNORE= requires at least FreeBSD 8.X +IGNORE= Requires at least FreeBSD 8.X .endif .include diff -ruN strongswan.bak/distinfo strongswan/distinfo --- strongswan.bak/distinfo 2010-08-26 15:40:11.000000000 +0200 +++ strongswan/distinfo 2011-03-24 06:05:57.211226000 +0200 @@ -1,3 +1,2 @@ -MD5 (strongswan-4.4.0.tar.bz2) = bfb0f1c8ef1344e1ae8157bdde060fed -SHA256 (strongswan-4.4.0.tar.bz2) = df40d9daf963ce4f4bef4177ed02d68c083521b307f52bebb1872c2ded4b2718 -SIZE (strongswan-4.4.0.tar.bz2) = 2863754 +SHA256 (strongswan-4.5.1.tar.bz2) = 252d7369d94aa2d79e6fad078853b07ca897ea811ab1e1a2b008bcec0d1e758a +SIZE (strongswan-4.5.1.tar.bz2) = 3254264 diff -ruN strongswan.bak/files/patch-src__libcharon__bus__listeners__sys_logger.c strongswan/files/patch-src__libcharon__bus__listeners__sys_logger.c --- strongswan.bak/files/patch-src__libcharon__bus__listeners__sys_logger.c 1970-01-01 02:00:00.000000000 +0200 +++ strongswan/files/patch-src__libcharon__bus__listeners__sys_logger.c 2011-03-24 07:51:01.240278000 +0200 @@ -0,0 +1,19 @@ +--- srcold/libcharon/bus/listeners/sys_logger.c 2011-03-10 20:50:01.000000000 +0200 ++++ src/libcharon/bus/listeners/sys_logger.c 2011-03-10 20:53:59.000000000 +0200 +@@ -79,13 +79,15 @@ + /* do a syslog with every line */ + while (current) + { ++ char tmp[8192]; + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } +- syslog(this->facility|LOG_INFO, "%.2d[%N]%s %s\n", ++ snprintf(tmp, 8192, "%.2d[%N]%s %s\n", + thread, debug_names, group, namestr, current); ++ syslog(this->facility|LOG_INFO, tmp); + current = next; + } + } diff -ruN strongswan.bak/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c --- strongswan.bak/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c 2010-08-26 15:40:11.000000000 +0200 +++ strongswan/files/patch-src__libcharon__plugins__kernel_pfkey__kernel_pfkey_ipsec.c 1970-01-01 02:00:00.000000000 +0200 @@ -1,102 +0,0 @@ -diff -u -r srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c ---- srcold/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-03-19 17:56:54.000000000 +0200 -+++ src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2010-05-28 15:58:12.000000000 +0200 -@@ -600,17 +600,43 @@ - } - - /** -- * add a host behind a sadb_address extension -+ * Copy a host_t as sockaddr_t to the given memory location. Ports are -+ * reset to zero as per RFC 2367. -+ * @returns the number of bytes copied - */ --static void host2ext(host_t *host, struct sadb_address *ext) -+static size_t hostcpy(void *dest, host_t *host) - { -- sockaddr_t *host_addr = host->get_sockaddr(host); -+ sockaddr_t *addr = host->get_sockaddr(host), *dest_addr = dest; - socklen_t *len = host->get_sockaddr_len(host); -+ memcpy(dest, addr, *len); - #ifdef HAVE_STRUCT_SOCKADDR_SA_LEN -- host_addr->sa_len = *len; -+ dest_addr->sa_len = *len; - #endif -- memcpy((char*)(ext + 1), host_addr, *len); -- ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + *len); -+ switch (dest_addr->sa_family) -+ { -+ case AF_INET: -+ { -+ struct sockaddr_in *sin = dest; -+ sin->sin_port = 0; -+ break; -+ } -+ case AF_INET6: -+ { -+ struct sockaddr_in6 *sin6 = dest; -+ sin6->sin6_port = 0; -+ break; -+ } -+ } -+ return *len; -+} -+ -+/** -+ * add a host behind an sadb_address extension -+ */ -+static void host2ext(host_t *host, struct sadb_address *ext) -+{ -+ size_t len = hostcpy(ext + 1, host); -+ ext->sadb_address_len = PFKEY_LEN(sizeof(*ext) + len); - } - - /** -@@ -1019,6 +1045,7 @@ - } - #endif /*SADB_X_MIGRATE*/ - -+#ifndef __FreeBSD__ - #ifdef HAVE_NATT - /** - * Process a SADB_X_NAT_T_NEW_MAPPING message from the kernel -@@ -1076,6 +1103,7 @@ - } - } - #endif /*HAVE_NATT*/ -+#endif /*__FreeBSD__*/ - - /** - * Receives events from kernel -@@ -1137,11 +1165,13 @@ - process_migrate(this, msg); - break; - #endif /*SADB_X_MIGRATE*/ -+#ifndef __FreeBSD__ - #ifdef HAVE_NATT - case SADB_X_NAT_T_NEW_MAPPING: - process_mapping(this, msg); - break; - #endif /*HAVE_NATT*/ -+#endif /*__FreeBSD__*/ - default: - break; - } -@@ -1679,14 +1709,10 @@ - req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; - if (mode == MODE_TUNNEL) - { -- sockaddr_t *sa; -- socklen_t sl; -- sa = src->get_sockaddr(src); -- sl = *src->get_sockaddr_len(src); -- memcpy(req + 1, sa, sl); -- sa = dst->get_sockaddr(dst); -- memcpy((u_int8_t*)(req + 1) + sl, sa, sl); -- req->sadb_x_ipsecrequest_len += sl * 2; -+ len = hostcpy(req + 1, src); -+ req->sadb_x_ipsecrequest_len += len; -+ len = hostcpy((char*)(req + 1) + len, dst); -+ req->sadb_x_ipsecrequest_len += len; - } - - pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); diff -ruN strongswan.bak/pkg-plist strongswan/pkg-plist --- strongswan.bak/pkg-plist 2010-08-26 15:40:11.000000000 +0200 +++ strongswan/pkg-plist 2011-03-24 08:20:56.930756000 +0200 @@ -25,6 +25,9 @@ libexec/ipsec/plugins/libstrongswan-des.a libexec/ipsec/plugins/libstrongswan-des.la libexec/ipsec/plugins/libstrongswan-des.so +libexec/ipsec/plugins/libstrongswan-constraints.a +libexec/ipsec/plugins/libstrongswan-constraints.la +libexec/ipsec/plugins/libstrongswan-constraints.so libexec/ipsec/plugins/libstrongswan-dnskey.a libexec/ipsec/plugins/libstrongswan-dnskey.la libexec/ipsec/plugins/libstrongswan-dnskey.so @@ -70,6 +73,9 @@ libexec/ipsec/plugins/libstrongswan-sha2.a libexec/ipsec/plugins/libstrongswan-sha2.la libexec/ipsec/plugins/libstrongswan-sha2.so +libexec/ipsec/plugins/libstrongswan-revocation.a +libexec/ipsec/plugins/libstrongswan-revocation.la +libexec/ipsec/plugins/libstrongswan-revocation.so libexec/ipsec/plugins/libstrongswan-socket-default.a libexec/ipsec/plugins/libstrongswan-socket-default.la libexec/ipsec/plugins/libstrongswan-socket-default.so >Release-Note: >Audit-Trail: >Unformatted: