Date: Mon, 16 Dec 2019 16:28:32 +0000 (UTC) From: Steve Wills <swills@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r520267 - in head/security/vpnc: . files Message-ID: <201912161628.xBGGSWgc012454@repo.freebsd.org>
Author: swills Date: Mon Dec 16 16:28:32 2019 New Revision: 520267 URL: https://svnweb.freebsd.org/changeset/ports/520267 Log: security/vpnc: fix issue with destroying tun device on exit While here, improve formatting and regenerate patches PR: 241039 Submitted by: kevans Reported by: Hrant Dadivanyan <hrant@dadivanyan.net> Added: head/security/vpnc/files/patch-sysdep.c (contents, props changed) head/security/vpnc/files/patch-tunip.c (contents, props changed) Modified: head/security/vpnc/Makefile (contents, props changed) head/security/vpnc/files/patch-Makefile (contents, props changed) head/security/vpnc/files/patch-config.c (contents, props changed) head/security/vpnc/files/patch-sysdep.h (contents, props changed) head/security/vpnc/files/patch-vpnc-script.in (contents, props changed) head/security/vpnc/files/patch-vpnc.c (contents, props changed) Modified: head/security/vpnc/Makefile ============================================================================== --- head/security/vpnc/Makefile Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/Makefile Mon Dec 16 16:28:32 2019 (r520267) @@ -3,7 +3,7 @@ PORTNAME= vpnc PORTVERSION= 0.5.3 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= security net-vpn MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ \ LOCAL/ehaupt @@ -11,7 +11,7 @@ MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpn MAINTAINER= ports@FreeBSD.org COMMENT= Client for Cisco 3000 VPN Concentrator -LICENSE= GPLv2+ BSD2CLAUSE +LICENSE= BSD2CLAUSE GPLv2+ LICENSE_COMB= multi LICENSE_FILE= ${WRKSRC}/COPYING @@ -19,7 +19,7 @@ LIB_DEPENDS= libgcrypt.so:security/libgcrypt \ libgpg-error.so:security/libgpg-error RUN_DEPENDS= vpnc-script:sysutils/vpnc-scripts -USES= shebangfix gmake perl5 +USES= gmake perl5 shebangfix USE_PERL5= build USE_RC_SUBR= vpnc 
@@ -32,9 +32,9 @@ PORTDOCS= README TODO MAKE_ENV= BINS="${EXTRABUILDS}" -OPTIONS_DEFINE= DECRYPT SSL CISCOVERSION DOCS -OPTIONS_DEFAULT=DECRYPT -OPTIONS_SUB= yes +OPTIONS_DEFINE= CISCOVERSION DECRYPT DOCS SSL +OPTIONS_DEFAULT= DECRYPT +OPTIONS_SUB= yes CISCOVERSION_DESC= Mask linux presentation string CISCOVERSION_CFLAGS= -DCISCO_PATCH_VERSION Modified: head/security/vpnc/files/patch-Makefile ============================================================================== --- head/security/vpnc/files/patch-Makefile Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/files/patch-Makefile Mon Dec 16 16:28:32 2019 (r520267) @@ -1,5 +1,5 @@ ---- Makefile.orig 2008-11-19 21:36:12.000000000 +0100 -+++ Makefile 2008-11-24 01:21:22.000000000 +0100 +--- Makefile.orig 2008-11-19 20:36:12 UTC ++++ Makefile @@ -20,15 +20,15 @@ # $Id: Makefile 312 2008-06-15 18:09:42Z Joerg Mayer $ @@ -19,7 +19,7 @@ OBJS = $(addsuffix .o,$(basename $(SRCS))) BINOBJS = $(addsuffix .o,$(BINS)) BINSRCS = $(addsuffix .c,$(BINS)) -@@ -50,9 +50,7 @@ +@@ -50,9 +50,7 @@ RELEASE_VERSION := $(shell cat VERSION) #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION #OPENSSLLIBS = -lcrypto @@ -30,7 +30,7 @@ CFLAGS += $(shell libgcrypt-config --cflags) CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION) LDFLAGS ?= -g -@@ -78,7 +76,7 @@ +@@ -78,7 +76,7 @@ vpnc-script : vpnc-script.in sed -e 's,@''PREFIX''@,$(PREFIX),g' $< > $@ && chmod 755 $@ cisco-decrypt : cisco-decrypt.o decrypt-utils.o Modified: head/security/vpnc/files/patch-config.c ============================================================================== --- head/security/vpnc/files/patch-config.c Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/files/patch-config.c Mon Dec 16 16:28:32 2019 (r520267) 
@@ -1,6 +1,6 @@ ---- config.c.orig 2008-03-06 17:03:57.000000000 +0100 -+++ config.c 2008-03-06 17:14:29.000000000 +0100 -@@ -257,17 +257,36 @@ +--- config.c.orig 2008-11-19 20:36:12 UTC ++++ config.c +@@ -163,17 +163,36 @@ static const char *config_def_auth_mode(void) static const char *config_def_app_version(void) { @@ -43,7 +43,7 @@ } static const char *config_def_pid_file(void) -@@ -538,7 +557,7 @@ +@@ -456,7 +475,7 @@ static char *get_config_filename(const char *name, int { char *realname; @@ -52,7 +52,7 @@ return realname; } -@@ -757,8 +776,8 @@ +@@ -675,8 +694,8 @@ void do_config(int argc, char **argv) } if (!got_conffile) { Added: head/security/vpnc/files/patch-sysdep.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vpnc/files/patch-sysdep.c Mon Dec 16 16:28:32 2019 (r520267) @@ -0,0 +1,23 @@ +--- sysdep.c.orig 2019-10-03 14:54:58 UTC ++++ sysdep.c +@@ -91,6 +91,20 @@ typedef enum { + } search_if_en; + #endif + ++#ifdef TUNSIFPID ++void tun_claim(int fd) ++{ ++ ++ ioctl(fd, TUNSIFPID, 0); ++} ++#else ++/* Nop; no protocol for doing this */ ++void tun_claim(int fd) ++{ ++ ++} ++#endif ++ + /* + * Allocate TUN/TAP device, returns opened fd. + * Stores dev name in the first arg(must be large enough). Modified: head/security/vpnc/files/patch-sysdep.h ============================================================================== --- head/security/vpnc/files/patch-sysdep.h Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/files/patch-sysdep.h Mon Dec 16 16:28:32 2019 (r520267) 
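Review bot: In the added `tun_claim()` in patch-sysdep.c the result of `ioctl(fd, TUNSIFPID, 0)` is discarded, so a failed claim is silent and the tun-device-left-behind-on-exit problem this commit addresses would reappear with nothing in the logs to point at it. Checking the return and reporting it, for example `if (ioctl(fd, TUNSIFPID, 0) == -1) syslog(LOG_WARNING, "TUNSIFPID failed: %m");`, would make that diagnosable. Whether sysdep.c already has `<syslog.h>` or its own logging helper in scope is not visible in this hunk, so use whatever the file already provides. In the `#else` stub, `(void)fd;` would avoid an unused-parameter warning under stricter compiler flags.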
@@ -1,16 +1,24 @@ ---- sysdep.h.orig 2008-11-19 21:36:12.000000000 +0100 -+++ sysdep.h 2015-03-03 21:35:27.443313082 +0100 -@@ -75,17 +75,20 @@ +--- sysdep.h.orig 2008-11-19 20:36:12 UTC ++++ sysdep.h +@@ -34,6 +34,7 @@ int tun_open(char *dev, enum if_mode_enum mode); + int tun_close(int fd, char *dev); + int tun_write(int fd, unsigned char *buf, int len); + int tun_read(int fd, unsigned char *buf, int len); ++void tun_claim(int fd); + int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr); + /***************************************************************************/ +@@ -75,17 +76,20 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr) + /***************************************************************************/ #if defined(__FreeBSD_kernel__) #define HAVE_SA_LEN 1 -+/* %%FREEBSD_IPLEN_FIX%% */ ++#define NEED_IPLEN_FIX 1 #endif /***************************************************************************/ #if defined(__FreeBSD__) #define HAVE_SA_LEN 1 -+/* %%FREEBSD_IPLEN_FIX%% */ ++#define NEED_IPLEN_FIX 1 #define HAVE_VASPRINTF 1 #define HAVE_ASPRINTF 1 @@ -21,7 +29,7 @@ #endif /***************************************************************************/ -@@ -97,6 +100,7 @@ +@@ -97,6 +101,7 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr) #define HAVE_FGETLN 1 #define HAVE_UNSETENV 1 #define HAVE_SETENV 1 Added: head/security/vpnc/files/patch-tunip.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/vpnc/files/patch-tunip.c Mon Dec 16 16:28:32 2019 (r520267) 
@@ -0,0 +1,10 @@ +--- tunip.c.orig 2019-10-03 14:52:47 UTC ++++ tunip.c +@@ -1058,6 +1058,7 @@ void vpnc_doit(struct sa_block *s) + } else { + printf("VPNC started in foreground...\n"); + } ++ tun_claim(s->tun_fd); + openlog("vpnc", LOG_PID | LOG_PERROR, LOG_DAEMON); + write_pidfile(pidfile); + Modified: head/security/vpnc/files/patch-vpnc-script.in ============================================================================== --- head/security/vpnc/files/patch-vpnc-script.in Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/files/patch-vpnc-script.in Mon Dec 16 16:28:32 2019 (r520267) @@ -1,6 +1,6 @@ ---- vpnc-script.in.orig 2008-11-19 21:55:51.000000000 +0100 -+++ vpnc-script.in 2011-11-10 22:41:12.000000000 +0100 -@@ -48,8 +48,8 @@ +--- vpnc-script.in.orig 2008-11-19 20:55:51 UTC ++++ vpnc-script.in +@@ -48,8 +48,8 @@ PATH=/sbin:/usr/sbin:$PATH OS="`uname -s`" @@ -11,7 +11,7 @@ FULL_SCRIPTNAME=@PREFIX@/sbin/vpnc SCRIPTNAME=`basename $FULL_SCRIPTNAME` -@@ -73,7 +73,9 @@ +@@ -73,7 +73,9 @@ else route_syntax_netmask="-netmask" fi @@ -22,7 +22,7 @@ MODIFYRESOLVCONF=modify_resolvconf_manager RESTORERESOLVCONF=restore_resolvconf_manager elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1 -@@ -420,11 +422,13 @@ +@@ -420,11 +422,13 @@ do_pre_init() { fi fi elif [ "$OS" = "FreeBSD" ]; then Modified: head/security/vpnc/files/patch-vpnc.c ============================================================================== --- head/security/vpnc/files/patch-vpnc.c Mon Dec 16 16:00:22 2019 (r520266) +++ head/security/vpnc/files/patch-vpnc.c Mon Dec 16 16:28:32 2019 (r520267) 
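Review bot: The added `tun_claim(s->tun_fd);` in vpnc_doit has no comment saying why it must sit after the foreground/background branch, and that ordering looks load-bearing: presumably the claim has to run in the process that survives daemonizing so that process owns the tun device. A line such as `/* claim the tun device for the surviving process so it is destroyed on exit */` above the call would keep a later refactor from moving it ahead of the branch. Only the tail of that branch is visible and vpnc_doit's body continues outside the hunk, so the fork assumption should be confirmed against the full function.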
@@ -1,6 +1,6 @@ ---- vpnc.c.orig 2008-11-19 21:55:51.000000000 +0100 -+++ vpnc.c 2017-11-10 13:09:32.996639000 +0100 -@@ -1160,8 +1160,11 @@ +--- vpnc.c.orig 2008-11-19 20:55:51 UTC ++++ vpnc.c +@@ -1160,8 +1160,11 @@ static void lifetime_ike_process(struct sa_block *s, s value = a->next->u.attr_16; else if (a->next->af == isakmp_attr_lots && a->next->u.lots.length == 4) value = ntohl(*((uint32_t *) a->next->u.lots.data)); @@ -14,7 +14,7 @@ DEBUG(2, printf("got ike lifetime attributes: %d %s\n", value, (a->u.attr_16 == IKE_LIFE_TYPE_SECONDS) ? "seconds" : "kilobyte")); -@@ -1578,6 +1581,19 @@ +@@ -1578,6 +1581,19 @@ static void do_phase1_am(const char *key_id, const cha seen_natd_them = 1; } break; @@ -34,7 +34,7 @@ default: DEBUG(1, printf("rejecting invalid payload type %d\n", rp->type)); reject = ISAKMP_N_INVALID_PAYLOAD_TYPE; -@@ -2861,28 +2877,34 @@ +@@ -2861,28 +2877,34 @@ static void do_phase2_qm(struct sa_block *s) free(dh_shared_secret); free_isakmp_packet(r); @@ -86,7 +86,7 @@ } s->ipsec.rx.seq_id = s->ipsec.tx.seq_id = 1; -@@ -3224,9 +3246,14 @@ +@@ -3224,9 +3246,14 @@ void process_late_ike(struct sa_block *s, uint8_t *r_p */ /* FIXME: any cleanup needed??? */