From owner-svn-ports-all@FreeBSD.ORG Fri Feb 14 14:38:04 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 054E5160 for ; Fri, 14 Feb 2014 14:38:04 +0000 (UTC) Received: from mail-ob0-x22b.google.com (mail-ob0-x22b.google.com [IPv6:2607:f8b0:4003:c01::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id B5F351D97 for ; Fri, 14 Feb 2014 14:38:03 +0000 (UTC) Received: by mail-ob0-f171.google.com with SMTP id wp4so14039557obc.30 for ; Fri, 14 Feb 2014 06:38:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bluelife.at; s=google; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Nw7FmaH1t+MO9yjYK3ABmW7497Dt7NyqIGqvfqtsT0U=; b=J+xE9S1EGPsZJFJd8aS554ipMgBoqTBppd4sSve0CGtaFSuRffq6BckZK6hBE6gsYC MKLmC/1fzy3YEwvqJ16VKvnSFFyTqwGhKcwz5irIMizbg/LmHiFksIhsIw9I0/L1YwAx LJCcHCcBHyZ46pC33yi4r9yRF+3ndGAw/9BHw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Nw7FmaH1t+MO9yjYK3ABmW7497Dt7NyqIGqvfqtsT0U=; b=apN5jAln6Yufspesv82V8YbfiXqcL7qk9OFO2F3u/xZF36saBGd3woClR9SIPlDJ7j tZv1m0ja5XEVwMDxDDRn1CISx9gzec/+Cwcm1JgfYL0Hw83bv718kc0pdKiMBtYMFC4a 8z+gkqCHB1YxiblUsoshwrG5glTAxRM88dcjl8wnqWYvH1FrHhHwzj94sniawYqg6p3D T4pkgPFy20tFXT7QP5+clJwkHQcqj+f1ZE+c8eq5BoodKf/8BzYOXJJkr4ZoUU7pXFhx F3yPCUdfU9DueFUKazqK9SG/0AuYPtH0uMisruQXLrp+8KiGWGM8ZHnwiYb82aimSKhO o9Rg== X-Gm-Message-State: ALoCoQmoWQgyve60LmmAy9FqZjPYw0DdeNBcwMCVWxOesVyku5QMCLwOHugjX8Pa+StSdat+MUPd MIME-Version: 1.0 X-Received: by 10.182.53.72 with SMTP id z8mr6887409obo.36.1392388682884; Fri, 14 Feb 2014 06:38:02 -0800 (PST) Sender: decke@bluelife.at Received: by 10.76.144.71 with HTTP; Fri, 14 Feb 2014 06:38:02 -0800 (PST) X-Originating-IP: [80.123.233.199] In-Reply-To: <52FB63D9.10701@FreeBSD.org> References: <201401271335.s0RDZfTj022362@svn.freebsd.org> <52FB63D9.10701@FreeBSD.org> Date: Fri, 14 Feb 2014 15:38:02 +0100 X-Google-Sender-Auth: qXcLvgG6sFdeiEwD9qIMZ4r7Qvw Message-ID: Subject: Re: svn commit: r341405 - head/security/strongswan From: =?ISO-8859-1?Q?Bernhard_Fr=F6hlich?= To: Renato Botelho Content-Type: text/plain; charset=ISO-8859-1 Cc: "svn-ports-head@freebsd.org" , "svn-ports-all@freebsd.org" , "ports-committers@freebsd.org" X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Feb 2014 14:38:04 -0000 On Wed, Feb 12, 2014 at 1:06 PM, Renato Botelho wrote: > On 27-01-2014 11:35, Bernhard Froehlich wrote: >> Author: decke >> Date: Mon Jan 27 13:35:40 2014 >> New Revision: 341405 >> URL: http://svnweb.freebsd.org/changeset/ports/341405 >> QAT: https://qat.redports.org/buildarchive/r341405/ >> >> Log: >> - Update to 5.1.1 >> - Added EAP dynamic proxy module >> - Added EAP Radius proxy authentication >> - Added DNSSEC/unbound support >> - Added kernel libipsec plugin >> - Changed configuration files to install to ${PREFIX}/etc/.conf.sample >> - Convert to new options format >> >> PR: ports/185535 >> Submitted by: Francois ten Krooden (maintainer) >> Security: CVE-2013-5018 >> Security: CVE-2013-6075 >> Security: CVE-2013-6076 >> >> Modified: >> head/security/strongswan/Makefile >> head/security/strongswan/distinfo >> head/security/strongswan/pkg-plist >> >> Modified: head/security/strongswan/Makefile >> ============================================================================== >> --- head/security/strongswan/Makefile Mon Jan 27 13:35:10 2014 (r341404) >> +++ head/security/strongswan/Makefile Mon Jan 27 13:35:40 2014 (r341405) >> @@ -2,8 +2,7 @@ >> # $FreeBSD$ >> >> PORTNAME= strongswan >> -PORTVERSION= 5.0.4 >> -PORTREVISION= 1 >> +PORTVERSION= 5.1.1 >> CATEGORIES= security >> MASTER_SITES= http://download.strongswan.org/ \ >> http://download2.strongswan.org/ >> @@ -37,6 +36,7 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \ >> --enable-blowfish \ >> --enable-addrblock \ >> --enable-whitelist \ >> + --enable-cmd \ >> --with-group=wheel \ >> --with-lib-prefix=${PREFIX} >> >> @@ -44,38 +44,47 @@ CONFIGURE_ARGS= --enable-kernel-pfkey \ >> MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 >> MAN8= ipsec.8 _updown.8 _updown_espmark.8 >> >> -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE >> +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKEv1 \ >> + IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \ >> + TESTVECTOR UNBOUND XAUTH >> +OPTIONS_SUB= ${OPTIONS_DEFINE} >> CURL_DESC= Enable CURL to fetch CRL/OCSP >> EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend >> +EAPDYNAMIC_DESC= Enable EAP dynamic proxy module >> +EAPRADIUS_DESC= Enable EAP Radius proxy authentication >> EAPSIMFILE_DESC= Enable EAP SIM with file backend >> -IKEv1_DESC= Enable IKEv1 support (Experimental) >> - >> -NO_STAGE= yes >> -.include >> +IKEv1_DESC= Enable IKEv1 support >> +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC >> +KERNELLIBIPSEC_DESC= Enable IPSec userland backend >> +LOADTESTER_DESC= Enable load testing plugin >> +TESTVECTOR_DESC= Enable crypto test vectors >> +UNBOUND_DESC= Enable DNSSEC-enabled resolver >> +XAUTH_DESC= Enable XAuth password verification >> >> # Extra options >> -.if ${PORT_OPTIONS:MCURL} >> -CONFIGURE_ARGS+= --enable-curl >> -LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl >> -PLIST_SUB+= CURL="" >> -.else >> -PLIST_SUB+= CURL="@comment " >> -.endif >> - >> -.if ${PORT_OPTIONS:MEAPSIMFILE} >> -CONFIGURE_ARGS+= --enable-eap-sim --enable-eap-sim-file >> -PLIST_SUB+= EAPSIMFILE="" >> -.else >> -PLIST_SUB+= EAPSIMFILE="@comment " >> -.endif >> +CURL_CONFIGURE_ON= --enable-curl >> +CURL_LIB_DEPENDS= curl:${PORTSDIR}/ftp/curl >> +EAPAKA3GPP2_CONFIGURE_ON= --enable-eap-aka --enable-eap-aka-3gpp2 >> +EAPAKA3GPP2_LIB_DEPENDS=gmp:${PORTSDIR}/math/gmp >> +EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic >> +EAPRADIUS_CONFIGURE_ON= --enable-eap-radius >> +EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file >> +IKEv1_CONFIGURE_OFF= --disable-ikev1 >> +IPSECKEY_CONFIGURE_ON= --enable-ipseckey >> +KERNELLIBIPSEC_CONFIGURE_ON= --enable-kernel-libipsec >> +LOADTESTER_CONFIGURE_ON=--enable-load-tester >> +LDAP_CONFIGURE_ON= --enable-ldap >> +LDAP_USE= USE_OPENLDAP=yes >> +MYSQL_CONFIGURE_ON= --enable-mysql >> +MYSQL_USE= USE_MYSQL=yes >> +SQLITE_CONFIGURE_ON= --enable-sqlite >> +SQLITE_LIB_DEPENDS= sqlite3:${PORTSDIR}/databases/sqlite3 >> +TESTVECTOR_CONFIGURE_ON=--enable-test-vectors >> +UNBOUND_CONFIGURE_ON= --enable-unbound >> +UNBOUND_LIB_DEPENDS= unbound:${PORTSDIR}/dns/unbound >> +XAUTH_CONFIGURE_ON= --enable-xauth-eap --enable-xauth-generic >> >> -.if ${PORT_OPTIONS:MEAPAKA3GPP2} >> -CONFIGURE_ARGS+= --enable-eap-aka --enable-eap-aka-3gpp2 >> -LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp >> -PLIST_SUB+= EAPAKA3GPP2="" >> -.else >> -PLIST_SUB+= EAPAKA3GPP2="@comment " >> -.endif >> +.include >> >> .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2} >> PLIST_SUB+=SIMAKA="" >> @@ -83,37 +92,6 @@ PLIST_SUB+=SIMAKA="" >> PLIST_SUB+=SIMAKA="@comment " >> .endif >> >> -.if ${PORT_OPTIONS:MIKEv1} >> -PLIST_SUB+= IKEv1="" >> -.else >> -CONFIGURE_ARGS+= --disable-ikev1 >> -PLIST_SUB+= IKEv1="@comment " >> -.endif >> - >> -.if ${PORT_OPTIONS:MLDAP} >> -USE_OPENLDAP= yes >> -CONFIGURE_ARGS+= --enable-ldap >> -PLIST_SUB+= LDAP="" >> -.else >> -PLIST_SUB+= LDAP="@comment " >> -.endif >> - >> -.if ${PORT_OPTIONS:MMYSQL} >> -CONFIGURE_ARGS+= --enable-mysql >> -USE_MYSQL= yes >> -PLIST_SUB+= MYSQL="" >> -.else >> -PLIST_SUB+= MYSQL="@comment " >> -.endif >> - >> -.if ${PORT_OPTIONS:MSQLITE} >> -CONFIGURE_ARGS+= --enable-sqlite >> -LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3 >> -PLIST_SUB+= SQLITE="" >> -.else >> -PLIST_SUB+= SQLITE="@comment " >> -.endif >> - >> .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE} >> CONFIGURE_ARGS+= --enable-attr-sql --enable-sql >> PLIST_SUB+= SQL="" >> @@ -121,11 +99,9 @@ PLIST_SUB+= SQL="" >> PLIST_SUB+= SQL="@comment " >> .endif >> >> -.include >> - >> -# Requires FreeBSD 8 and above to work >> -.if ${OSVERSION} < 800000 >> -IGNORE= requires at least FreeBSD 8.X >> -.endif >> +post-install: >> + ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} >> + ${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR} >> + ${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR} > > Just one more thing that I noted, it would be better to use > ${INSTALL_DATA} here instead of ${MV} Thanks, I've fixed both in r344214. -- Bernhard Froehlich http://www.bluelife.at/