From owner-dev-commits-ports-all@freebsd.org Sat May 22 01:21:15 2021
Date: Sat, 22 May 2021 01:21:14 GMT
Message-Id: <202105220121.14M1LEtp043178@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Yuri Victorovich
Subject: git: cf6fdfe01db0 - main - security/libreswan: New port: IPsec and IKE based firewall
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: yuri
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: cf6fdfe01db097233369f9b8f6ecc8e716e32923
Auto-Submitted: auto-generated
X-BeenThere: dev-commits-ports-all@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Commit messages for all branches of the ports repository
X-List-Received-Date: Sat, 22 May 2021 01:21:15 -0000

The branch main has been updated by yuri:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cf6fdfe01db097233369f9b8f6ecc8e716e32923

commit cf6fdfe01db097233369f9b8f6ecc8e716e32923
Author:     Yuri Victorovich
AuthorDate: 2021-05-22 01:19:49 +0000
Commit:     Yuri Victorovich
CommitDate: 2021-05-22 01:20:52 +0000

    security/libreswan: New port: IPsec and IKE based firewall
---
 security/Makefile | 1 +
 security/libreswan/Makefile | 45 ++++++++++++++++++++++
 security/libreswan/distinfo | 7 ++++
 security/libreswan/files/patch-include_fd.h | 10 +++++
 .../files/patch-lib_libipsecconf_confread.c | 10 +++++
 .../files/patch-lib_libipsecconf_keywords.c | 10 +++++
 .../libreswan/files/patch-lib_libswan_addrtypeof.c | 10 +++++
 .../libreswan/files/patch-lib_libswan_initaddr.c | 10 +++++
 .../files/patch-lib_libswan_ip__address.c | 11 ++++++
 .../libreswan/files/patch-lib_libswan_ip__encap.c | 10 +++++
 .../files/patch-lib_libswan_ip__endpoint.c | 11 ++++++
 .../libreswan/files/patch-lib_libswan_ip__info.c | 11 ++++++
 .../libreswan/files/patch-lib_libswan_ttoaddress.c | 10 +++++
 .../files/patch-programs_pluto_kernel__bsdkame.c | 13 +++++++
 .../libreswan/files/patch-programs_pluto_packet.c | 10 +++++
 security/libreswan/pkg-descr | 6 +++
 security/libreswan/pkg-plist | 45 ++++++++++++++++++++++
 17 files changed, 230 insertions(+)
diff --git a/security/Makefile b/security/Makefile index ad319e91e1ae..b6060eb1d6e4 100644 --- a/security/Makefile +++ b/security/Makefile @@ -310,6 +310,7 @@ SUBDIR += libpwstor SUBDIR += libressl SUBDIR += libressl-devel + SUBDIR += libreswan SUBDIR += libretls SUBDIR += libscep SUBDIR += libscrypt diff --git a/security/libreswan/Makefile b/security/libreswan/Makefile new file mode 100644 index 000000000000..5acc76339fa0 --- /dev/null +++ b/security/libreswan/Makefile @@ -0,0 +1,45 @@ +PORTNAME= libreswan +DISTVERSION= 4.4 +CATEGORIES= security +MASTER_SITES= https://download.libreswan.org/ + +PATCH_SITES= https://github.com/${PORTNAME}/${PORTNAME}/commit/ +PATCHFILES= e43bc147e1342df55f51df06ef886749111d2cff.patch:-p1 # fix for https://github.com/libreswan/libreswan/issues/448 +PATCHFILES+= 607237df81c9896743f9b2cb91faab01e4d1c3fc.patch:-p1 # BSD patches: https://github.com/libreswan/libreswan/commit/607237df81c9896743f9b2cb91faab01e4d1c3fc + +MAINTAINER= yuri@FreeBSD.org +COMMENT= IPsec and IKE based firewall + +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libcurl.so:ftp/curl \ + libevent.so:devel/libevent \ + libldns.so:dns/ldns \ + libnspr4.so:devel/nspr \ + libnss3.so:security/nss \ + libunbound.so:dns/unbound + +USES= bison gmake pkgconfig python + +CFLAGS+= -I${WRKSRC}/include/unbound +LDFLAGS+= -lcrypt + +MAKE_ARGS= PKG_BASE=${LOCALBASE} \ + NSS_CFLAGS="`pkg-config --cflags nss`" NSPR_LDFLAGS="`pkg-config --libs nss`" \ + USE_PTHREAD_SETSCHEDPRIO=false \ + WERROR_CFLAGS="" \ + PYTHON_BINARY=${PYTHON_CMD} + +OPTIONS_DEFINE= DOCS + +post-configure: + @cd ${WRKSRC}/mk/defaults && \ + ${RLN} netbsd.mk freebsd.mk + +post-install: +.for f in _import_crl addconn algparse cavp dncheck ecdsasigkey enumcheck hunkcheck ipcheck jambufcheck keyidcheck pluto readwriteconf rsasigkey showhostkey timecheck whack + @${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/ipsec/${f} +.endfor + +.include 
diff --git a/security/libreswan/distinfo b/security/libreswan/distinfo new file mode 100644 index 000000000000..5c9e6f8f0c52 --- /dev/null +++ b/security/libreswan/distinfo @@ -0,0 +1,7 @@ +TIMESTAMP = 1621641154 +SHA256 (libreswan-4.4.tar.gz) = 5f3f0a20d7097f20108bc93ba1255a778d8ffb8692d05f86383978c03c394976 +SIZE (libreswan-4.4.tar.gz) = 3503201 +SHA256 (e43bc147e1342df55f51df06ef886749111d2cff.patch) = d3f168c32501ee2de41b51a747921765c3d2bef555656c098041696f29e14806 +SIZE (e43bc147e1342df55f51df06ef886749111d2cff.patch) = 1279 +SHA256 (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 8a5c42b5b0c405a67fc4b178da10a9734e34fc44cb6f6c02ce63d8dd45e11253 +SIZE (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 14059 diff --git a/security/libreswan/files/patch-include_fd.h b/security/libreswan/files/patch-include_fd.h new file mode 100644 index 000000000000..020743f2ca84 --- /dev/null +++ b/security/libreswan/files/patch-include_fd.h @@ -0,0 +1,10 @@ +--- include/fd.h.orig 2021-05-21 21:31:28 UTC ++++ include/fd.h +@@ -26,6 +26,7 @@ + + #include + #include /* for ssize_t */ ++#include + + #include "where.h" + diff --git a/security/libreswan/files/patch-lib_libipsecconf_confread.c b/security/libreswan/files/patch-lib_libipsecconf_confread.c new file mode 100644 index 000000000000..8c5788b1bea6 --- /dev/null +++ b/security/libreswan/files/patch-lib_libipsecconf_confread.c @@ -0,0 +1,10 @@ +--- lib/libipsecconf/confread.c.orig 2021-05-21 21:27:40 UTC ++++ lib/libipsecconf/confread.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + #include "lswalloc.h" + #include "ip_address.h" diff --git a/security/libreswan/files/patch-lib_libipsecconf_keywords.c b/security/libreswan/files/patch-lib_libipsecconf_keywords.c new file mode 100644 index 000000000000..7c007941568e --- /dev/null +++ b/security/libreswan/files/patch-lib_libipsecconf_keywords.c 
@@ -0,0 +1,10 @@ +--- lib/libipsecconf/keywords.c.orig 2021-05-21 21:28:14 UTC ++++ lib/libipsecconf/keywords.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + + #include + #include "constants.h" diff --git a/security/libreswan/files/patch-lib_libswan_addrtypeof.c b/security/libreswan/files/patch-lib_libswan_addrtypeof.c new file mode 100644 index 000000000000..3d8299c7e112 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_addrtypeof.c @@ -0,0 +1,10 @@ +--- lib/libswan/addrtypeof.c.orig 2021-05-21 18:49:29 UTC ++++ lib/libswan/addrtypeof.c +@@ -14,6 +14,7 @@ + */ + + #include ++#include + + #include "ip_address.h" + #include "ip_info.h" diff --git a/security/libreswan/files/patch-lib_libswan_initaddr.c b/security/libreswan/files/patch-lib_libswan_initaddr.c new file mode 100644 index 000000000000..5bffefeb1748 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_initaddr.c @@ -0,0 +1,10 @@ +--- lib/libswan/initaddr.c.orig 2021-04-22 15:24:33 UTC ++++ lib/libswan/initaddr.c +@@ -16,6 +16,7 @@ + */ + + #include ++#include + + #include "ip_info.h" + #include "ip_address.h" diff --git a/security/libreswan/files/patch-lib_libswan_ip__address.c b/security/libreswan/files/patch-lib_libswan_ip__address.c new file mode 100644 index 000000000000..c04a6c16759b --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__address.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_address.c.orig 2021-05-21 18:51:10 UTC ++++ lib/libswan/ip_address.c +@@ -16,6 +16,8 @@ + * License for more details. + */ + ++#include ++ + #include "jambuf.h" + #include "ip_address.h" + #include "lswlog.h" /* for dbg() */ diff --git a/security/libreswan/files/patch-lib_libswan_ip__encap.c b/security/libreswan/files/patch-lib_libswan_ip__encap.c new file mode 100644 index 000000000000..ec0c30e2f9ba --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__encap.c 
@@ -0,0 +1,10 @@ +--- lib/libswan/ip_encap.c.orig 2021-05-21 18:52:58 UTC ++++ lib/libswan/ip_encap.c +@@ -19,6 +19,7 @@ + #ifdef linux + # include /* for TCP_ENCAP_ESPINTCP and UDP_ENCAP_ESPINUDP */ + #else ++# include + # include /* for UDP_ENCAP_ESPINUDP aka NAT */ + #endif + diff --git a/security/libreswan/files/patch-lib_libswan_ip__endpoint.c b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c new file mode 100644 index 000000000000..905a61816783 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_endpoint.c.orig 2021-05-21 18:53:45 UTC ++++ lib/libswan/ip_endpoint.c +@@ -14,6 +14,8 @@ + * + */ + ++#include ++ + #include "jambuf.h" + #include "ip_endpoint.h" + #include "constants.h" /* for memeq() */ diff --git a/security/libreswan/files/patch-lib_libswan_ip__info.c b/security/libreswan/files/patch-lib_libswan_ip__info.c new file mode 100644 index 000000000000..33d690c85c47 --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ip__info.c @@ -0,0 +1,11 @@ +--- lib/libswan/ip_info.c.orig 2021-05-21 18:51:44 UTC ++++ lib/libswan/ip_info.c +@@ -17,6 +17,8 @@ + * for more details. + */ + ++#include ++ + #include "ietf_constants.h" + #include "ip_info.h" + #include "passert.h" diff --git a/security/libreswan/files/patch-lib_libswan_ttoaddress.c b/security/libreswan/files/patch-lib_libswan_ttoaddress.c new file mode 100644 index 000000000000..fb2ec579f6ca --- /dev/null +++ b/security/libreswan/files/patch-lib_libswan_ttoaddress.c @@ -0,0 +1,10 @@ +--- lib/libswan/ttoaddress.c.orig 2021-05-21 18:49:01 UTC ++++ lib/libswan/ttoaddress.c +@@ -18,6 +18,7 @@ + + #include + #include /* for gethostbyname2() */ ++#include + + #include "ip_address.h" + #include "ip_info.h" diff --git a/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c new file mode 100644 index 000000000000..4c962ee0e7fe --- /dev/null 
+++ b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c @@ -0,0 +1,13 @@ +--- programs/pluto/kernel_bsdkame.c.orig 2021-05-21 21:30:08 UTC ++++ programs/pluto/kernel_bsdkame.c +@@ -24,6 +24,10 @@ + #include + #include + ++#if defined(__FreeBSD__) ++#include ++#endif ++ + #include + #include + #include diff --git a/security/libreswan/files/patch-programs_pluto_packet.c b/security/libreswan/files/patch-programs_pluto_packet.c new file mode 100644 index 000000000000..534cee3f8d43 --- /dev/null +++ b/security/libreswan/files/patch-programs_pluto_packet.c @@ -0,0 +1,10 @@ +--- programs/pluto/packet.c.orig 2021-05-21 23:54:59 UTC ++++ programs/pluto/packet.c +@@ -22,6 +22,7 @@ + #include + #include + #include ++#include + + #include "constants.h" + #include "lswalloc.h" diff --git a/security/libreswan/pkg-descr b/security/libreswan/pkg-descr new file mode 100644 index 000000000000..ffe34de2d250 --- /dev/null +++ b/security/libreswan/pkg-descr @@ -0,0 +1,6 @@ +Libreswan is a free software implementation of the most widely supported and +standardized VPN protocol using "IPsec" and the Internet Key Exchange ("IKE"). +These standards are produced and maintained by the Internet Engineering Task +Force ("IETF"). + +WWW: https://libreswan.org/ diff --git a/security/libreswan/pkg-plist b/security/libreswan/pkg-plist new file mode 100644 index 000000000000..3ecc6e1c6f11 --- /dev/null +++ b/security/libreswan/pkg-plist 
@@ -0,0 +1,45 @@ +/etc/pam.d/pluto +etc/ipsec.conf +etc/ipsec.d/policies/block +etc/ipsec.d/policies/clear +etc/ipsec.d/policies/clear-or-private +etc/ipsec.d/policies/portexcludes.conf +etc/ipsec.d/policies/private +etc/ipsec.d/policies/private-or-clear +etc/ipsec.secrets +etc/logrotate.d/libreswan +libexec/ipsec/_import_crl +libexec/ipsec/_plutorun +libexec/ipsec/_realsetup +libexec/ipsec/_secretcensor +libexec/ipsec/_stackmanager +libexec/ipsec/_unbound-hook +libexec/ipsec/_updown +libexec/ipsec/_updown.bsdkame +libexec/ipsec/addconn +libexec/ipsec/algparse +libexec/ipsec/auto +libexec/ipsec/barf +libexec/ipsec/cavp +libexec/ipsec/dncheck +libexec/ipsec/ecdsasigkey +libexec/ipsec/enumcheck +libexec/ipsec/hunkcheck +libexec/ipsec/ipcheck +libexec/ipsec/jambufcheck +libexec/ipsec/keyidcheck +libexec/ipsec/letsencrypt +libexec/ipsec/look +libexec/ipsec/newhostkey +libexec/ipsec/pluto +libexec/ipsec/readwriteconf +libexec/ipsec/rsasigkey +libexec/ipsec/setup +libexec/ipsec/show +libexec/ipsec/showhostkey +libexec/ipsec/timecheck +libexec/ipsec/verify +libexec/ipsec/whack +sbin/ipsec +%%PORTDOCS%%%%DOCSDIR%%/ipsec.conf-sample +%%PORTDOCS%%%%DOCSDIR%%/ipsec.secrets-sample
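
Review bot: In security/libreswan/Makefile, COMMENT calls the port an "IPsec and IKE based firewall", but pkg-descr in this same commit describes an implementation of the IPsec/IKE VPN protocol, so the one-line description users see does not match the long one. Something like `COMMENT= IPsec and IKE based VPN implementation` would agree with pkg-descr. Further down in the same file, `WERROR_CFLAGS=""` and the post-configure link of netbsd.mk to freebsd.mk carry no comment saying why they are needed; a one-line comment on each would help whoever updates the port next.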
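
Review bot: In files/patch-programs_pluto_kernel__bsdkame.c the added include is wrapped in `#if defined(__FreeBSD__)`, while the other files/ patches in this commit add their includes with no guard of their own. Pick one convention for all of them. Since the Makefile already pulls an upstream BSD commit through PATCHFILES, consider sending these include fixes upstream as well so the files/ directory can shrink on the next update.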
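
Review bot: In security/libreswan/pkg-plist, etc/ipsec.conf and etc/ipsec.secrets are listed as ordinary package files, so the package owns the live configuration and the secrets file and treats an admin's edits and keys like any other packaged file on upgrade or deinstall. Installing them as `.sample` files and listing them with `@sample` would leave the admin's copies alone; the same applies to the etc/ipsec.d/policies/ entries. Separately, the first entry, `/etc/pam.d/pluto`, is an absolute path outside the prefix while every other entry is prefix-relative, and it is worth checking whether etc/logrotate.d/libreswan is wanted on FreeBSD at all.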