Date: Sat, 22 May 2021 01:21:14 GMT From: Yuri Victorovich <yuri@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: cf6fdfe01db0 - main - security/libreswan: New port: IPsec and IKE based firewall Message-ID: <202105220121.14M1LEtp043178@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by yuri: URL: https://cgit.FreeBSD.org/ports/commit/?id=cf6fdfe01db097233369f9b8f6ecc8e716e32923 commit cf6fdfe01db097233369f9b8f6ecc8e716e32923 Author: Yuri Victorovich <yuri@FreeBSD.org> AuthorDate: 2021-05-22 01:19:49 +0000 Commit: Yuri Victorovich <yuri@FreeBSD.org> CommitDate: 2021-05-22 01:20:52 +0000 security/libreswan: New port: IPsec and IKE based firewall --- security/Makefile | 1 + security/libreswan/Makefile | 45 ++++++++++++++++++++++ security/libreswan/distinfo | 7 ++++ security/libreswan/files/patch-include_fd.h | 10 +++++ .../files/patch-lib_libipsecconf_confread.c | 10 +++++ .../files/patch-lib_libipsecconf_keywords.c | 10 +++++ .../libreswan/files/patch-lib_libswan_addrtypeof.c | 10 +++++ .../libreswan/files/patch-lib_libswan_initaddr.c | 10 +++++ .../files/patch-lib_libswan_ip__address.c | 11 ++++++ .../libreswan/files/patch-lib_libswan_ip__encap.c | 10 +++++ .../files/patch-lib_libswan_ip__endpoint.c | 11 ++++++ .../libreswan/files/patch-lib_libswan_ip__info.c | 11 ++++++ .../libreswan/files/patch-lib_libswan_ttoaddress.c | 10 +++++ .../files/patch-programs_pluto_kernel__bsdkame.c | 13 +++++++ .../libreswan/files/patch-programs_pluto_packet.c | 10 +++++ security/libreswan/pkg-descr | 6 +++ security/libreswan/pkg-plist | 45 ++++++++++++++++++++++ 17 files changed, 230 insertions(+) diff --git a/security/Makefile b/security/Makefile index ad319e91e1ae..b6060eb1d6e4 100644 --- a/security/Makefile +++ b/security/Makefile @@ -310,6 +310,7 @@ SUBDIR += libpwstor SUBDIR += libressl SUBDIR += libressl-devel + SUBDIR += libreswan SUBDIR += libretls SUBDIR += libscep SUBDIR += libscrypt diff --git a/security/libreswan/Makefile b/security/libreswan/Makefile new file mode 100644 index 000000000000..5acc76339fa0 --- /dev/null +++ b/security/libreswan/Makefile @@ -0,0 +1,45 @@ +PORTNAME= libreswan +DISTVERSION= 4.4 +CATEGORIES= security +MASTER_SITES= https://download.libreswan.org/ + +PATCH_SITES= https://github.com/${PORTNAME}/${PORTNAME}/commit/ +PATCHFILES= e43bc147e1342df55f51df06ef886749111d2cff.patch:-p1 # fix for https://github.com/libreswan/libreswan/issues/448 +PATCHFILES+= 607237df81c9896743f9b2cb91faab01e4d1c3fc.patch:-p1 # BSD patches: https://github.com/libreswan/libreswan/commit/607237df81c9896743f9b2cb91faab01e4d1c3fc + +MAINTAINER= yuri@FreeBSD.org +COMMENT= IPsec and IKE based firewall + +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libcurl.so:ftp/curl \ + libevent.so:devel/libevent \ + libldns.so:dns/ldns \ + libnspr4.so:devel/nspr \ + libnss3.so:security/nss \ + libunbound.so:dns/unbound + +USES= bison gmake pkgconfig python + +CFLAGS+= -I${WRKSRC}/include/unbound +LDFLAGS+= -lcrypt + +MAKE_ARGS= PKG_BASE=${LOCALBASE} \ + NSS_CFLAGS="`pkg-config --cflags nss`" NSPR_LDFLAGS="`pkg-config --libs nss`" \ + USE_PTHREAD_SETSCHEDPRIO=false \ + WERROR_CFLAGS="" \ + PYTHON_BINARY=${PYTHON_CMD} + +OPTIONS_DEFINE= DOCS + +post-configure: + @cd ${WRKSRC}/mk/defaults && \ + ${RLN} netbsd.mk freebsd.mk + +post-install: +.for f in _import_crl addconn algparse cavp dncheck ecdsasigkey enumcheck hunkcheck ipcheck jambufcheck keyidcheck pluto readwriteconf rsasigkey showhostkey timecheck whack + @${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/ipsec/${f} +.endfor + +.include <bsd.port.mk> diff --git a/security/libreswan/distinfo b/security/libreswan/distinfo new file mode 100644 index 000000000000..5c9e6f8f0c52 --- /dev/null +++ b/security/libreswan/distinfo @@ -0,0 +1,7 @@ +TIMESTAMP = 1621641154 +SHA256 (libreswan-4.4.tar.gz) = 5f3f0a20d7097f20108bc93ba1255a778d8ffb8692d05f86383978c03c394976 +SIZE (libreswan-4.4.tar.gz) = 3503201 +SHA256 (e43bc147e1342df55f51df06ef886749111d2cff.patch) = d3f168c32501ee2de41b51a747921765c3d2bef555656c098041696f29e14806 +SIZE (e43bc147e1342df55f51df06ef886749111d2cff.patch) = 1279 +SHA256 (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 8a5c42b5b0c405a67fc4b178da10a9734e34fc44cb6f6c02ce63d8dd45e11253 +SIZE (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 14059 diff --git a/security/libreswan/files/patch-include_fd.h b/security/libreswan/files/patch-include_fd.h new file mode 100644 index 000000000000..020743f2ca84 --- /dev/null +++ b/security/libreswan/files/patch-include_fd.h @@ -0,0 +1,10 @@ +--- include/fd.h.orig 2021-05-21 21:31:28 UTC ++++ include/fd.h +@@ -26,6 +26,7 @@ + + #include <stdbool.h> + #include <stdlib.h> /* for ssize_t */ ++#include <sys/types.h> + + #include "where.h" + diff --git a/security/libreswan/files/patch-lib_libipsecconf_confread.c b/security/libreswan/files/patch-lib_libipsecconf_confread.c new file mode 100644 index 000000000000..8c5788b1bea6 --- /dev/null +++ b/security/libreswan/files/patch-lib_libipsecconf_confread.c @@ -0,0 +1,10 @@ +--- lib/libipsecconf/confread.c.orig 2021-05-21 21:27:40 UTC ++++ lib/libipsecconf/confread.c +@@ -33,6 +33,7 @@ + #include <stdio.h> + #include <string.h> + #include <assert.h> ++#include <sys/socket.h> + + #include "lswalloc.h" + #include "ip_address.h" diff --git a/security/libreswan/files/patch-lib_libipsecconf_keywords.c b/security/libreswan/files/patch-lib_libipsecconf_keywords.c new file mode 100644 index 000000000000..7c007941568e --- /dev/null +++ b/security/libreswan/files/patch-lib_libipsecconf_keywords.c @@ -0,0 +1,10 @@ +--- lib/libipsecconf/keywords.c.orig 2021-05-21 21:28:14 UTC ++++ lib/libipsecconf/keywords.c +@@ -28,6 +28,7 @@ + #include <stdlib.h> + #include <stdio.h> + #include <limits.h> ++#include <sys/socket.h> + + #include <libreswan.h> + #include "constants.h" diff --git a/security/libreswan/files/patch-lib_libswan_addrtypeof.c b/security/libreswan/files/patch-lib_libswan_addrtypeof.c new file mode 100644 index 000000000000..3d8299c7e112 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_addrtypeof.c @@ -0,0 +1,10 @@ +--- lib/libswan/addrtypeof.c.orig 2021-05-21 18:49:29 UTC ++++ lib/libswan/addrtypeof.c +@@ -14,6 +14,7 @@ + */ + + #include <string.h> ++#include <sys/socket.h> + + #include "ip_address.h" + #include "ip_info.h" diff --git a/security/libreswan/files/patch-lib_libswan_initaddr.c b/security/libreswan/files/patch-lib_libswan_initaddr.c new file mode 100644 index 000000000000..5bffefeb1748 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_initaddr.c @@ -0,0 +1,10 @@ +--- lib/libswan/initaddr.c.orig 2021-04-22 15:24:33 UTC ++++ lib/libswan/initaddr.c +@@ -16,6 +16,7 @@ + */ + + #include <string.h> ++#include <sys/socket.h> + + #include "ip_info.h" + #include "ip_address.h" diff --git a/security/libreswan/files/patch-lib_libswan_ip__address.c b/security/libreswan/files/patch-lib_libswan_ip__address.c new file mode 100644 index 000000000000..c04a6c16759b --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__address.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_address.c.orig 2021-05-21 18:51:10 UTC ++++ lib/libswan/ip_address.c +@@ -16,6 +16,8 @@ + * License for more details. + */ + ++#include <sys/socket.h> ++ + #include "jambuf.h" + #include "ip_address.h" + #include "lswlog.h" /* for dbg() */ diff --git a/security/libreswan/files/patch-lib_libswan_ip__encap.c b/security/libreswan/files/patch-lib_libswan_ip__encap.c new file mode 100644 index 000000000000..ec0c30e2f9ba --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__encap.c @@ -0,0 +1,10 @@ +--- lib/libswan/ip_encap.c.orig 2021-05-21 18:52:58 UTC ++++ lib/libswan/ip_encap.c +@@ -19,6 +19,7 @@ + #ifdef linux + # include <linux/udp.h> /* for TCP_ENCAP_ESPINTCP and UDP_ENCAP_ESPINUDP */ + #else ++# include <sys/types.h> + # include <netinet/udp.h> /* for UDP_ENCAP_ESPINUDP aka NAT */ + #endif + diff --git a/security/libreswan/files/patch-lib_libswan_ip__endpoint.c b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c new file mode 100644 index 000000000000..905a61816783 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_endpoint.c.orig 2021-05-21 18:53:45 UTC ++++ lib/libswan/ip_endpoint.c +@@ -14,6 +14,8 @@ + * + */ + ++#include <sys/socket.h> ++ + #include "jambuf.h" + #include "ip_endpoint.h" + #include "constants.h" /* for memeq() */ diff --git a/security/libreswan/files/patch-lib_libswan_ip__info.c b/security/libreswan/files/patch-lib_libswan_ip__info.c new file mode 100644 index 000000000000..33d690c85c47 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__info.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_info.c.orig 2021-05-21 18:51:44 UTC ++++ lib/libswan/ip_info.c +@@ -17,6 +17,8 @@ + * for more details. + */ + ++#include <sys/socket.h> ++ + #include "ietf_constants.h" + #include "ip_info.h" + #include "passert.h" diff --git a/security/libreswan/files/patch-lib_libswan_ttoaddress.c b/security/libreswan/files/patch-lib_libswan_ttoaddress.c new file mode 100644 index 000000000000..fb2ec579f6ca --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ttoaddress.c @@ -0,0 +1,10 @@ +--- lib/libswan/ttoaddress.c.orig 2021-05-21 18:49:01 UTC ++++ lib/libswan/ttoaddress.c +@@ -18,6 +18,7 @@ + + #include <string.h> + #include <netdb.h> /* for gethostbyname2() */ ++#include <sys/socket.h> + + #include "ip_address.h" + #include "ip_info.h" diff --git a/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c new file mode 100644 index 000000000000..4c962ee0e7fe --- /dev/null +++ b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c @@ -0,0 +1,13 @@ +--- programs/pluto/kernel_bsdkame.c.orig 2021-05-21 21:30:08 UTC ++++ programs/pluto/kernel_bsdkame.c +@@ -24,6 +24,10 @@ + #include <string.h> + #include <unistd.h> + ++#if defined(__FreeBSD__) ++#include <sys/queue.h> ++#endif ++ + #include <sys/select.h> + #include <sys/time.h> + #include <sys/socket.h> diff --git a/security/libreswan/files/patch-programs_pluto_packet.c b/security/libreswan/files/patch-programs_pluto_packet.c new file mode 100644 index 000000000000..534cee3f8d43 --- /dev/null +++ b/security/libreswan/files/patch-programs_pluto_packet.c @@ -0,0 +1,10 @@ +--- programs/pluto/packet.c.orig 2021-05-21 23:54:59 UTC ++++ programs/pluto/packet.c +@@ -22,6 +22,7 @@ + #include <stddef.h> + #include <netinet/in.h> + #include <string.h> ++#include <sys/socket.h> + + #include "constants.h" + #include "lswalloc.h" diff --git a/security/libreswan/pkg-descr b/security/libreswan/pkg-descr new file mode 100644 index 000000000000..ffe34de2d250 --- /dev/null +++ b/security/libreswan/pkg-descr @@ -0,0 +1,6 @@ +Libreswan is a free software implementation of the most widely supported and +standardized VPN protocol using "IPsec" and the Internet Key Exchange ("IKE"). +These standards are produced and maintained by the Internet Engineering Task +Force ("IETF"). + +WWW: https://libreswan.org/ diff --git a/security/libreswan/pkg-plist b/security/libreswan/pkg-plist new file mode 100644 index 000000000000..3ecc6e1c6f11 --- /dev/null +++ b/security/libreswan/pkg-plist @@ -0,0 +1,45 @@ +/etc/pam.d/pluto +etc/ipsec.conf +etc/ipsec.d/policies/block +etc/ipsec.d/policies/clear +etc/ipsec.d/policies/clear-or-private +etc/ipsec.d/policies/portexcludes.conf +etc/ipsec.d/policies/private +etc/ipsec.d/policies/private-or-clear +etc/ipsec.secrets +etc/logrotate.d/libreswan +libexec/ipsec/_import_crl +libexec/ipsec/_plutorun +libexec/ipsec/_realsetup +libexec/ipsec/_secretcensor +libexec/ipsec/_stackmanager +libexec/ipsec/_unbound-hook +libexec/ipsec/_updown +libexec/ipsec/_updown.bsdkame +libexec/ipsec/addconn +libexec/ipsec/algparse +libexec/ipsec/auto +libexec/ipsec/barf +libexec/ipsec/cavp +libexec/ipsec/dncheck +libexec/ipsec/ecdsasigkey +libexec/ipsec/enumcheck +libexec/ipsec/hunkcheck +libexec/ipsec/ipcheck +libexec/ipsec/jambufcheck +libexec/ipsec/keyidcheck +libexec/ipsec/letsencrypt +libexec/ipsec/look +libexec/ipsec/newhostkey +libexec/ipsec/pluto +libexec/ipsec/readwriteconf +libexec/ipsec/rsasigkey +libexec/ipsec/setup +libexec/ipsec/show +libexec/ipsec/showhostkey +libexec/ipsec/timecheck +libexec/ipsec/verify +libexec/ipsec/whack +sbin/ipsec +%%PORTDOCS%%%%DOCSDIR%%/ipsec.conf-sample +%%PORTDOCS%%%%DOCSDIR%%/ipsec.secrets-sample
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105220121.14M1LEtp043178>