Date: Fri, 14 May 2004 01:11:49 +0200 (CEST)
From: Christian Lackas <delta@lackas.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/66624: [maintainer-update] security/vpnc update to new version
Message-ID: <200405132311.i4DNBnvA017704@zel726.zel.kfa-juelich.de>
Resent-Message-ID: <200405132320.i4DNKFYF006378@freefall.freebsd.org>
>Number: 66624 >Category: ports >Synopsis: [maintainer-update] security/vpnc update to new version >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu May 13 16:20:14 PDT 2004 >Closed-Date: >Last-Modified: >Originator: Christian Lackas >Release: FreeBSD 5.2.1-RELEASE-p5 i386 >Organization: Troja Incorporated >Environment: System: FreeBSD zel726.zel.kfa-juelich.de 5.2.1-RELEASE-p5 FreeBSD 5.2.1-RELEASE-p5 #7: Thu May 13 16:24:06 CEST 2004 root@zel726.zel.kfa-juelich.de:/usr/obj/usr/src/sys/KERNEL.ZEL726 i386 >Description: - update to vpnc-0.2-rm+zomb.1.tar.gz Thu May 13 23:34:09 CEST 2004 - updated man-page >How-To-Repeat: >Fix: cd /usr/ports/security && patch -p0 <vpnc-0.2_8.patch Patch is attached an available at http://www.lackas.net/freebsd/vpnc-0.2_8.patch diff -urN /usr/ports/security/vpnc/Makefile vpnc/Makefile --- /usr/ports/security/vpnc/Makefile Fri May 14 01:01:04 2004 +++ vpnc/Makefile Fri May 14 01:05:21 2004 @@ -7,11 +7,11 @@ PORTNAME= vpnc PORTVERSION= 0.2 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/:source \ http://dragon.roe.ch/mirrors/distfiles/vpnc/:script -DISTNAME= ${PORTNAME}-${PORTVERSION}-rm+zomb-pre9 +DISTNAME= ${PORTNAME}-${PORTVERSION}-rm+zomb.1 DISTFILES= ${DISTNAME}${EXTRACT_SUFX}:source ${STARTSCRIPT}:script EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} 
@@ -50,7 +50,8 @@ @${INSTALL_SCRIPT} -m 755 ${WRKDIR}/vpnc.sh-fulltunnel ${PREFIX}/etc/rc.d/vpnc.sh.sample-fulltunnel @${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc/vpnc.conf.sample .if !defined(NO_INSTALL_MANPAGES) - @${INSTALL_MAN} ${FILESDIR}/vpnc.8 ${PREFIX}/man/man8 + @${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/vpnc.8 + @${INSTALL_MAN} ${WRKSRC}/vpnc.8 ${PREFIX}/man/man8 .endif .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} diff -urN /usr/ports/security/vpnc/distinfo vpnc/distinfo --- /usr/ports/security/vpnc/distinfo Fri May 14 01:01:04 2004 +++ vpnc/distinfo Fri May 14 00:54:43 2004 @@ -1,4 +1,4 @@ -MD5 (vpnc-0.2-rm+zomb-pre9.tar.gz) = 252b565a4cb8a85644fa00fc96d4c3c2 -SIZE (vpnc-0.2-rm+zomb-pre9.tar.gz) = 52182 +MD5 (vpnc-0.2-rm+zomb.1.tar.gz) = ded67de747874c4245ed8405146dc94a +SIZE (vpnc-0.2-rm+zomb.1.tar.gz) = 54166 MD5 (vpnc-wrapper-1.10) = 32c11fe4de7f0cda2fdfcc7dd2a40271 SIZE (vpnc-wrapper-1.10) = 6414 diff -urN /usr/ports/security/vpnc/files/patch-vpnc.8 vpnc/files/patch-vpnc.8 --- /usr/ports/security/vpnc/files/patch-vpnc.8 Thu Jan 1 01:00:00 1970 +++ vpnc/files/patch-vpnc.8 Fri May 14 00:53:47 2004 
@@ -0,0 +1,169 @@ +--- vpnc.8.orig Fri May 14 00:27:57 2004 ++++ vpnc.8 Fri May 14 00:53:08 2004 +@@ -1,4 +1,5 @@ +-.TH "VPNC" "8" "13 Mai 2004" "Debian" "vpnc" ++.\" groff -man -Tascii vpnc.8 ++.TH "VPNC" "8" "Mai 2004" "FreeBSD" "vpnc" + + .SH NAME + vpnc \- client for cisco3000 VPN Concentrator +@@ -36,10 +37,6 @@ + + .SH "DESCRIPTION" + .PP +-This manual page documents briefly the +-\fBvpnc\fR, \fBvpnc\-connect\fR and +-\fBvpnc\-disconnect\fR commands. +-.PP + \fBvpnc\fR is a + VPN client for the Cisco 3000 VPN Concentrator, creating a IPSec-like + connection as a tunneling network device for the local system. It uses +@@ -57,26 +54,17 @@ + command (see \-\-script) to configure the interface and care about the + route setup. By default, only a simple ifconfig command is executed. + .PP +-The command \fBvpnc\-connect\fR is a helper script that will assist on +-connection invocation and routing configuration. It can also be used to manage configuration files +-for multiple VPN connections. The script can be started by the user or +-from the daemon (see \-\-script) when the connection is established. In +-the first case, it will simply run the daemon after some environment +-checks. When executed by the daemon later, it will create a minimalistic +-host route to the gateway and configures the default gateway +-configuration of Linux to run over the VPN tunnel. +-.PP +-The \fBvpnc\-disconnect\fR command is used to terminate +-the connection previously created by \fBvpnc\-connect\fR +-and restore the previous routing configuration. ++The script installed at \fB%%PREFIX%%/etc/rc.d/vpnc.sh.sample\fR contains an example ++of how to set up a tunnel. The \fBvpnc.sh.sample-fulltunnel\fR is are more intelligent ++script to set up a full tunnel. 
+ + .SH CONFIGURATION + The daemon reads configuration data from the following places: + .PD 0 + .IP "- command line options" + .IP "- config file(s) specified on the command line" +-.IP "- /etc/vpnc/default.conf" +-.IP "- /etc/vpnc.conf" ++.IP "- %%PREFIX%%/etc/vpnc/default.conf" ++.IP "- %%PREFIX%%/etc/vpnc.conf" + .IP "- prompting the user if not found above" + + .PP +@@ -104,66 +92,66 @@ + IP or host name of your IPSec gateway + + .IP "\-\-id <ASCII string>" +- Your group name in <ASCII string> ++Your group name in <ASCII string> + + .IP "\-\-username <ASCII string>" +- Your username ++Your username + + .IP "\-\-script <command>" +- The <command> specified here is executed when the connection has been +- established, in order to configure the interface, routing and so on. +- Device name, IP, etc. are passed using enviroment variables, see +- README. This script is executed right after ISAKMP is done, but befor +- tunneling is enabled. Some environment variables are set and can be +- used for the detail configuration. Default command: ifconfig $TUNDEV +- inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask +- 255.255.255.255 mtu 1412 up ++The <command> specified here is executed when the connection has been ++established, in order to configure the interface, routing and so on. ++Device name, IP, etc. are passed using enviroment variables, see ++README. This script is executed right after ISAKMP is done, but befor ++tunneling is enabled. Some environment variables (namely TUNDEV and VPNGATEWAY) ++are set and can be used for the detail configuration. Default command: ifconfig ++$TUNDEV inet $INTERNAL_IP4_ADDRESS pointopoint $INTERNAL_IP4_ADDRESS netmask ++255.255.255.255 mtu 1412 up. + + .IP "\-\-domain <ASCII string>" +- Domain name for authentication, sometimes needed for authentification +- against Windows NT domains. ++Domain name for authentication, sometimes needed for authentification ++against Windows NT domains. 
+ + .IP "\-\-dh <dh1/dh2/dh5>" +- Name of the IKE DH Group (default: dh2) ++Name of the IKE DH Group (default: dh2). + + .IP "\-\-pfs <nopfs/dh1/dh2/dh5/server>" +- Diffie-Hellman group to use for PFS, one of nopfs, dh1, dh2, dh5 or +- server (default: server). ++Diffie-Hellman group to use for PFS, one of nopfs, dh1, dh2, dh5 or ++server (default: server). + + .IP "\-\-enable\-1des" +- Enables weak Single DES encryption ++Enables weak Single DES encryption. + + .IP "\-\-application\-version <ASCII string>" +- Application Version to report to the server when identifying ourself +- (default: Cisco Systems VPN Client <vpnc-version>) ++Application Version to report to the server when identifying ourself ++(default: Cisco Systems VPN Client <vpnc-version>). + + .IP "\-\-ifname <ASCII string>" +- The virtual name of the Linux network interface assigned to the tunnel +- endpoint ++The virtual name of the network interface assigned to the tunnel ++endpoint (default: first available tunX). + + .IP "\-\-debug <0/1/2/3/99>" +- Show verbose debug messages with different verbosity levels ++Show verbose debug messages with different verbosity levels. + + .IP "\-\-no\-detach" +- Don't detach from the console (go to background) after login ++Don't detach from the console (go to background) after login. + + .IP "\-\-pid\-file <filename>" +- Store the pid of background process in a file ++Store the pid of background process in a file. + + .IP "\-\-local-port <0-65535>" +- Local ISAKMP port number to use (0 == use random port, 500 is default) ++Local ISAKMP port number to use (0 == use random port, 500 is default). + + .IP "\-\-non-inter" +- Don't ask anything, exit on missing options ++Don't ask anything, exit on missing options. + + .IP "\-\-print\-config" +- Prints your configuration; output can be used as vpnc.conf ++Prints your configuration; output can be used as vpnc.conf. + + .SH FILES +-.I /etc/vpnc.conf ++.I %%PREFIX%%/etc/vpnc.conf + .RS + The default configuration file. 
You can specify the same config +-directives as with command line options and additionaly ++directives as with command line options and additionaly. + .B IPSec secret + and + .B Xauth password +@@ -175,7 +163,7 @@ + for further details. + .RE + +-.I /etc/vpnc/*.conf ++.I %%PREFIX%%/etc/vpnc/*.conf + .RS + The vpnc\-connect will read configuration files in this directory when + the config script name (without .conf) is specified on the command line. +@@ -234,8 +222,8 @@ + On Debian systems, the complete text of the GNU General Public + License can be found in /usr/share/common\-licenses/GPL. + .SH "SEE ALSO" +-.BR ip (8), +-.BR ifconfig (8), +-.BR route (1), ++.BR tun(4), ++.BR ifconfig(8), ++.BR route(8), + .BR http://www.unix\-ag.uni\-kl.de/~massar/vpnc/ +- ++.BR %%PREFIX%%/etc/rc.d/vpnc.sh.sample-fulltunnel diff -urN /usr/ports/security/vpnc/files/patch-vpnc.c vpnc/files/patch-vpnc.c --- /usr/ports/security/vpnc/files/patch-vpnc.c Wed May 5 11:44:39 2004 +++ vpnc/files/patch-vpnc.c Fri May 14 00:51:04 2004 @@ -1,27 +1,5 @@ --- vpnc.c.dist Mon May 3 14:13:05 2004 +++ vpnc.c Mon May 3 14:13:41 2004 -@@ -1527,10 +1527,10 @@ - reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; - break; - } -- strbuf = xallocc(a->u.lots.length)+1; -+ strbuf = xallocc(a->u.lots.length+1); - memcpy(strbuf, a->u.lots.data, a->u.lots.length); - addenv("CISCO_DEF_DOMAIN", strbuf); -- /*free(strbuf); free(): invalid pointer 0x80593f9! FIXME */ -+ free(strbuf); - break; - - case ISAKMP_MODECFG_ATTRIB_CISCO_BANNER: -@@ -1538,7 +1538,7 @@ - reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; - break; - } -- strbuf = xallocc(a->u.lots.length)+1; -+ strbuf = xallocc(a->u.lots.length+1); - memcpy(strbuf, a->u.lots.data, a->u.lots.length); - addenv("CISCO_BANNER", strbuf); - free(strbuf); 
@@ -2162,8 +2162,8 @@ else read_config_file (argv[i], config, 0); diff -urN /usr/ports/security/vpnc/files/vpnc.8 vpnc/files/vpnc.8 --- /usr/ports/security/vpnc/files/vpnc.8 Fri Jan 30 14:34:26 2004 +++ vpnc/files/vpnc.8 Thu Jan 1 01:00:00 1970 
@@ -1,135 +0,0 @@ -.\" Process this file with -.\" groff -man -Tascii vpnc.8 -.\" -.TH VPNC 8 "December 2003" FreeBSD "vpnc" -.SH NAME -vpnc \- Client for Cisco 3000 VPN Concentrator -.SH SYNOPSIS -.B vpnc [ --gateway -.I IP-or-hostname -.B ] [ --id -.I IPSec group Id -.B ] [ --username -.I name -.B ] [ --ifname -.I name -.B ] [ --local-port -.I port number -.B ] [ --pid-file -.I filename -.B ] [ --dh -.I IKE DH group -.B ] [ --pfs -.I PFS group -.B ] [ --non-inter ] [ --debug ] [ --no-detach ] [ --print-config ] -.SH DESCRIPTION -.B vpnc -is a VPN client for the Cisco 3000 VPN Concentrator, -creating a IPSec-like connection as a tunneling -network device for the local system. It uses the -TUN/TAP driver in Linux kernel 2.4 and above and -device -.BR tun (4) -on BSD. It runs completely in user space. - -The vpnc daemon by it self does not set any routes. The user -has to do it on its own, e.g. for a full tunnel under FreeBSD - -.RS -.PD 0 -route add -host VPNGATEWAY ROUTER -.P -route delete default -.P -route add default -interface tun0 -.PD -.RE -.SH CONFIGURATION -The daemon reads configuration data from the following places: -.PD 0 -.IP "- command line options" -.IP "- config file(s) specified on the command line" -.IP "- PREFIX/etc/vpnc.conf" -.IP "- prompting the user if not found above" -.PD -.SH OPTIONS -.IP "--gateway IP-or-hostname" -IP address or hostname of the VPN gateway -.IP "--id IPSec group Id" -ID of the IPSec group -.IP "--username name" -your user credentials -.IP "--ifname name" -name of the tun-interface to use -.IP "--local-port port number" -use this port for the connection <0-65535> to allow multiple instances of vpnc -running, use 0 a for -.I random -port -.IP "--pid-file filename" -store the pid of background process there -.IP "--dh IKE DH group" -name of the IKE DH Group <dh1/dh2/dh5> -.IP "--pfs PFS group" -Perfect Forward Secrecy <nopfs/dh1/dh2/dh5> -.IP "--non-inter" -non interactive mode, don't ask any questions -.IP "--debug nr" 
-set debugging level: none(0), basic(1), control flow(2), packet dump(3), -include username/password(99) -.IP "--no-detach" -do not send daemon to background -.IP "--print-config" -prints your configuration; output can be used as vpnc.conf - -.SH FILES -.I PREFIX/etc/vpnc.conf -.RS -The default configuration file. See -.BR EXAMPLES -for further details. -.RE - -.SH EXAMPLES -This is an example vpnc.conf: - -.RS -.PD 0 -IKE DH Group dh2 -.P -Perfect Forward Secrecy nopfs -.P -IPSec gateway vpn.rwth-aachen.de -.P -IPSec ID MoPS -.P -IPSec secret mopsWLAN -.P -Xauth username abcdef -.P -Xauth password 123456 -.PD -.RE - -The values start exactly one space after the keywords, and run to the end of -line. This lets you put any kind of weird character (except EOL and NUL) in -your strings, but it does mean you can't add comments after a string, or spaces -before them. - -See also the -.B --print-config -option to generate a config file. - -.SH TODO -Re-keying is no implemented yet (default rekey-intervall is 8 hours). - -.SH AUTHOR -This man-page has been written by Christian Lackas <delta(at)lackas.net>, -based on the Debian man-page -by Eduard Bloch <blade(at)debian.org> and the vpnc README by -Maurice Massar <vpnc(at)unix-ag.uni-kl.de> - -.SH "SEE ALSO" -.BR tun (4), -.BR route (1), -.BR http://www.unix-ag.uni-kl.de/~massar/vpnc/ -- http://www.couven95.de/ http://www.lackas.net/ http://www.lackas.com/ >Release-Note: >Audit-Trail: >Unformatted:
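Review bot: In the Makefile hunk at @@ -50,7 +50,8 @@ the `%%PREFIX%%` substitution runs inside the install step and rewrites `${WRKSRC}/vpnc.8` in place, so the work tree is modified at install time; moving the `${REINPLACE_CMD}` line to a post-patch target would leave the install step to copy files only. The expression `s|%%PREFIX%%|${PREFIX}|` has no `g` flag, which is enough for the lines added in files/patch-vpnc.8 (one token per line) but would silently leave a second token on any line that later gains one.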
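Review bot: Three added lines in files/patch-vpnc.8 introduce man-page defects. `+directives as with command line options and additionaly.` puts a full stop in the middle of a sentence that continues with `.B IPSec secret`; the SEE ALSO entries such as `+.BR tun(4),` drop the space before the section number, so `.BR` receives a single argument and sets the whole reference in bold (the deleted files/vpnc.8 had `.BR tun (4),`); and `is are more intelligent script` should read `is a more intelligent script`. The unchanged context still refers to `vpnc\-connect` under FILES and to the Debian path `/usr/share/common\-licenses/GPL`, although the description of the helper scripts is removed, so those paragraphs should be patched as well.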
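Review bot: The files/patch-vpnc.c hunk at @@ -1,27 +1,5 @@ drops the local fix that changed `xallocc(a->u.lots.length)+1` to `xallocc(a->u.lots.length+1)` for CISCO_DEF_DOMAIN and CISCO_BANNER, and nothing in the PR description says that vpnc-0.2-rm+zomb.1 carries that fix itself. Please confirm against vpnc.c in the new distfile before commit: with the old expression the pointer is advanced past the start of the allocation, so the `memcpy` of `length` bytes ends one byte beyond the buffer and `free(strbuf)` is handed a pointer the allocator never returned, which is what the removed FIXME comment recorded.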