From owner-svn-ports-all@FreeBSD.ORG Thu Apr 16 12:55:40 2015 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2820ABB6; Thu, 16 Apr 2015 12:55:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 095327F6; Thu, 16 Apr 2015 12:55:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3GCtd80045387; Thu, 16 Apr 2015 12:55:39 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3GCtdOo045383; Thu, 16 Apr 2015 12:55:39 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201504161255.t3GCtdOo045383@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Thu, 16 Apr 2015 12:55:39 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r384108 - in head/security/strongswan: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2015 12:55:40 -0000 Author: feld Date: Thu Apr 16 12:55:38 2015 New Revision: 384108 URL: https://svnweb.freebsd.org/changeset/ports/384108 Log: Add patches to fix Strongswan Management Protocol SMP is an XML control interface for Strongswan used by pfSense and Opnsense. SMP has been deprecated by upstream since 5.2.0 in favor of a newer IPC mechanism called VICI. As a result upstream is not motivated to take patches for SMP, and this uses non-portable strlcpy anyway. The code has not been deleted from the project and if we can bludgeon it into a working state I see no harm. PR: 199442 Added: head/security/strongswan/files/patch-conf_Makefile.in (contents, props changed) head/security/strongswan/files/patch-src_libcharon_plugins_smp_smp.c (contents, props changed) head/security/strongswan/files/patch-src_starter_Makefile.in (contents, props changed) Deleted: head/security/strongswan/files/patch-conf__Makefile.in head/security/strongswan/files/patch-src__starter__Makefile.in Modified: head/security/strongswan/Makefile Modified: head/security/strongswan/Makefile ============================================================================== --- head/security/strongswan/Makefile Thu Apr 16 12:45:30 2015 (r384107) +++ head/security/strongswan/Makefile Thu Apr 16 12:55:38 2015 (r384108) @@ -3,6 +3,7 @@ PORTNAME= strongswan PORTVERSION= 5.3.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ Added: head/security/strongswan/files/patch-conf_Makefile.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/strongswan/files/patch-conf_Makefile.in Thu Apr 16 12:55:38 2015 (r384108) @@ -0,0 +1,21 @@ +--- conf/Makefile.in.orig 2015-03-27 20:02:47 UTC ++++ conf/Makefile.in +@@ -860,15 +860,15 @@ install-data-local: $(plugins_install_sr + test -e "$(DESTDIR)${strongswanconfdir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanconfdir)" || true + test -e "$(DESTDIR)${strongswanddir}" || $(INSTALL) -d "$(DESTDIR)$(strongswanddir)" || true + test -e "$(DESTDIR)${charonconfdir}" || $(INSTALL) -d "$(DESTDIR)$(charonconfdir)" || true +- test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf || true ++ test -e "$(DESTDIR)$(strongswanconfdir)/strongswan.conf" || $(INSTALL) -m 644 $(srcdir)/strongswan.conf $(DESTDIR)$(strongswanconfdir)/strongswan.conf.sample || true + for f in $(options_install_src); do \ + name=`basename $$f`; \ +- test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 "$(srcdir)/$$f" "$(DESTDIR)$(strongswanddir)/$$name" || true; \ ++ test -f "$(DESTDIR)$(strongswanddir)/$$name" || $(INSTALL) -m 644 "$(srcdir)/$$f" "$(DESTDIR)$(strongswanddir)/$$name.sample" || true; \ + done + for f in $(plugins_install_src); do \ + name=`basename $$f`; \ + if test -f "$$f"; then dir=; else dir="$(srcdir)/"; fi; \ +- test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(charonconfdir)/$$name" || true; \ ++ test -f "$(DESTDIR)$(charonconfdir)/$$name" || $(INSTALL) -m 644 "$$dir$$f" "$(DESTDIR)$(charonconfdir)/$$name.sample" || true; \ + done + + # Tell versions [3.59,3.63) of GNU make to not export all variables. Added: head/security/strongswan/files/patch-src_libcharon_plugins_smp_smp.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/strongswan/files/patch-src_libcharon_plugins_smp_smp.c Thu Apr 16 12:55:38 2015 (r384108) @@ -0,0 +1,23 @@ +--- src/libcharon/plugins/smp/smp.c.orig 2013-11-01 10:40:35 UTC ++++ src/libcharon/plugins/smp/smp.c +@@ -737,7 +737,7 @@ METHOD(plugin_t, destroy, void, + */ + plugin_t *smp_plugin_create() + { +- struct sockaddr_un unix_addr = { AF_UNIX, IPSEC_PIDDIR "/charon.xml"}; ++ struct sockaddr_un unix_addr; + private_smp_t *this; + mode_t old; + +@@ -766,6 +766,11 @@ plugin_t *smp_plugin_create() + return NULL; + } + ++ strlcpy(unix_addr.sun_path, IPSEC_PIDDIR "/charon.xml", ++ sizeof(unix_addr.sun_path)); ++ unix_addr.sun_len = sizeof(unix_addr); ++ unix_addr.sun_family = PF_LOCAL; ++ + unlink(unix_addr.sun_path); + old = umask(S_IRWXO); + if (bind(this->socket, (struct sockaddr *)&unix_addr, sizeof(unix_addr)) < 0) Added: head/security/strongswan/files/patch-src_starter_Makefile.in ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/strongswan/files/patch-src_starter_Makefile.in Thu Apr 16 12:55:38 2015 (r384108) @@ -0,0 +1,11 @@ +--- src/starter/Makefile.in.orig 2015-03-27 20:03:00 UTC ++++ src/starter/Makefile.in +@@ -985,7 +985,7 @@ install-exec-local : + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true +- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true ++ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded.