Date: Tue, 5 Nov 2013 17:47:46 GMT From: Francois ten Krooden <strongswan@nanoteq.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/183688: [maintainer update] security/strongswan 5.0.4 -> 5.1.1 Message-ID: <201311051747.rA5HlkAE068391@oldred.freebsd.org> Resent-Message-ID: <201311051750.rA5Ho09X079551@freefall.freebsd.org>
>Number: 183688 >Category: ports >Synopsis: [maintainer update] security/strongswan 5.0.4 -> 5.1.1 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Nov 05 17:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Francois ten Krooden >Release: FreeBSD 9.2 >Organization: Nanoteq >Environment: >Description: Update port security/strongswan 5.0.4 -> 5.1.1 - Added EAP dynamic proxy module - Added EAP Radius proxy authentication - Added DNSSEC/unbound support - Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample >How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 332396) +++ Makefile (working copy) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= strongswan -PORTVERSION= 5.0.4 -PORTREVISION= 1 +PORTVERSION= 5.1.1 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ @@ -37,6 +37,7 @@ --enable-blowfish \ --enable-addrblock \ --enable-whitelist \ + --enable-cmd \ --with-group=wheel \ --with-lib-prefix=${PREFIX} 
@@ -44,13 +45,21 @@ MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5 MAN8= ipsec.8 _updown.8 _updown_espmark.8 -OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE +OPTIONS_DEFINE= CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE +OPTIONS_DEFINE+= HA IKEv1 IPSECKEY LOADTESTER LDAP MYSQL SQLITE TESTVECTOR UNBOUND XAUTH CURL_DESC= Enable CURL to fetch CRL/OCSP EAPAKA3GPP2_DESC= Enable EAP AKA with 3gpp2 backend +EAPDYNAMIC_DESC= Enable EAP dynamic proxy module +EAPRADIUS_DESC= Enable EAP Radius proxy authentication EAPSIMFILE_DESC= Enable EAP SIM with file backend +HA_DESC= Enable high availability cluster IKEv1_DESC= Enable IKEv1 support (Experimental) +IPSECKEY_DESC= Enable authentication with IPSECKEY resource records with DNSSEC +LOADTESTER_DESC= Enable load testing plugin +TESTVECTOR_DESC= Enable crypto test vectors +UNBOUND_DESC= Enable DNSSEC-enabled resolver +XAUTH_DESC= Enable XAuth password verification -NO_STAGE= yes .include <bsd.port.options.mk> # Extra options @@ -83,6 +92,29 @@ PLIST_SUB+=SIMAKA="@comment " .endif +.if ${PORT_OPTIONS:MEAPDYNAMIC} +CONFIGURE_ARGS+= --enable-eap-dynamic +PLIST_SUB+= EAPDYNAMIC="" +.else +PLIST_SUB+= EAPDYNAMIC="@comment " +.endif + +.if ${PORT_OPTIONS:MEAPRADIUS} +CONFIGURE_ARGS+= --enable-eap-radius +PLIST_SUB+= EAPRADIUS="" +PLIST_SUB+= RADIUS="" +.else +PLIST_SUB+= EAPRADIUS="@comment " +PLIST_SUB+= RADIUS="@comment " +.endif + +.if ${PORT_OPTIONS:MHA} +CONFIGURE_ARGS+= --enable-ha +PLIST_SUB+= HA="" +.else +PLIST_SUB+= HA="@comment " +.endif + .if ${PORT_OPTIONS:MIKEv1} PLIST_SUB+= IKEv1="" .else 
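Review bot: `LOADTESTER_DESC= Enable load testing plugin` gives no hint that this option is meant for lab use, although upstream's documentation for the load-tester plugin warns against enabling it on production gateways. The description is the only text a user sees in the options dialog, so the caveat belongs there, for example `LOADTESTER_DESC= Enable load testing plugin (test systems only)`. The same hunk drops `NO_STAGE= yes`, so the install-path patches added under files/ should be checked against a staged install. The rest of the Makefile is outside this hunk.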
@@ -98,6 +130,20 @@ PLIST_SUB+= LDAP="@comment " .endif +.if ${PORT_OPTIONS:MLOADTESTER} +CONFIGURE_ARGS+= --enable-load-tester +PLIST_SUB+= LOADTESTER="" +.else +PLIST_SUB+= LOADTESTER="@comment " +.endif + +.if ${PORT_OPTIONS:MIPSECKEY} +CONFIGURE_ARGS+= --enable-ipseckey +PLIST_SUB+= IPSECKEY="" +.else +PLIST_SUB+= IPSECKEY="@comment " +.endif + .if ${PORT_OPTIONS:MMYSQL} CONFIGURE_ARGS+= --enable-mysql USE_MYSQL= yes @@ -121,11 +167,31 @@ PLIST_SUB+= SQL="@comment " .endif -.include <bsd.port.pre.mk> +.if ${PORT_OPTIONS:MUNBOUND} +CONFIGURE_ARGS+= --enable-unbound +LIB_DEPENDS+= unbound:${PORTSDIR}/dns/unbound +PLIST_SUB+= UNBOUND="" +.else +PLIST_SUB+= UNBOUND="@comment " +.endif +.if ${PORT_OPTIONS:MTESTVECTOR} +CONFIGURE_ARGS+= --enable-test-vectors +PLIST_SUB+= TESTVECTOR="" +.else +PLIST_SUB+= TESTVECTOR="@comment " +.endif + +.if ${PORT_OPTIONS:MXAUTH} +CONFIGURE_ARGS+= --enable-xauth-eap --enable-xauth-generic +PLIST_SUB+= XAUTH="" +.else +PLIST_SUB+= XAUTH="@comment " +.endif + # Requires FreeBSD 8 and above to work .if ${OSVERSION} < 800000 IGNORE= requires at least FreeBSD 8.X .endif -.include <bsd.port.post.mk> +.include <bsd.port.mk> Index: distinfo =================================================================== --- distinfo (revision 332396) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2 -SIZE (strongswan-5.0.4.tar.bz2) = 3412930 +SHA256 (strongswan-5.1.1.tar.bz2) = fbf2a668221fc4a36a34bdeac2dfeda25b96f572d551df022585177953622406 +SIZE (strongswan-5.1.1.tar.bz2) = 3673200 Index: files/patch-src__Makefile.am =================================================================== --- files/patch-src__Makefile.am (revision 0) +++ files/patch-src__Makefile.am (working copy) 
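Review bot: The IPSECKEY block adds `--enable-ipseckey` without checking that UNBOUND is selected, although `IPSECKEY_DESC` says the authentication relies on DNSSEC and UNBOUND is the only DNSSEC-enabled resolver this port offers. With IPSECKEY on and UNBOUND off the plugin is presumably built but has no validating resolver behind it, which a user can easily miss. Consider failing early with `.if ${PORT_OPTIONS:MIPSECKEY} && !${PORT_OPTIONS:MUNBOUND}`, `IGNORE= IPSECKEY requires the UNBOUND option`, `.endif`. The UNBOUND block is in the next hunk of this file.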
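Review bot: The XAUTH block passes `--enable-xauth-generic`, but pkg-plist still lists `libstrongswan-xauth-generic.*` under `%%IKEv1%%` and only `libstrongswan-xauth-eap.*` under `%%XAUTH%%`. With XAUTH on and IKEv1 off the plugin would be built yet commented out of the packing list, and with IKEv1 on and XAUTH off the list names files whose presence then depends on configure's default. Either move the three xauth-generic entries in pkg-plist to `%%XAUTH%%`, or drop `--enable-xauth-generic` from this block and leave that plugin tied to IKEv1. The IKEv1 block is outside this hunk, so check which configure flags it sets before choosing.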
@@ -0,0 +1,8 @@ +--- src.old/Makefile.am 2013-11-01 19:26:37.000000000 +0200 ++++ src/Makefile.am 2013-11-01 20:37:18.000000000 +0200 +@@ -120,4 +120,4 @@ + + install-exec-local : + test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" +- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true ++ test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true Property changes on: files/patch-src__Makefile.am ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/patch-src__Makefile.in =================================================================== --- files/patch-src__Makefile.in (revision 0) +++ files/patch-src__Makefile.in (working copy) 
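Review bot: The rewritten install line keeps the trailing `|| true`, so a failed copy of strongswan.conf.sample does not stop the build and surfaces only later as a packing-list mismatch. It also quotes the `test -e` operand but leaves the `$(INSTALL)` source and destination unquoted. Since the line is being rewritten anyway, consider `test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 "$(srcdir)/strongswan.conf" "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample"`. The same applies to the new lines in patch-src__Makefile.in, patch-src__starter__Makefile.am and patch-src__starter__Makefile.in. The install-exec-local recipe starts outside the hunk.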
@@ -0,0 +1,11 @@ +--- src.old/Makefile.in 2013-11-01 19:26:37.000000000 +0200 ++++ src/Makefile.in 2013-11-01 20:37:58.000000000 +0200 +@@ -737,7 +737,7 @@ + + install-exec-local : + test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" +- test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true ++ test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. Property changes on: files/patch-src__Makefile.in ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Index: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in =================================================================== --- files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in (revision 0) +++ files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in (working copy) 
@@ -0,0 +1,13 @@ +--- src.old/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2013-11-01 19:26:36.000000000 +0200 ++++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c 2013-11-01 19:32:17.000000000 +0200 +@@ -790,6 +790,9 @@ + /* {ENCR_DES_IV64, 0 }, */ + {ENCR_DES, SADB_EALG_DESCBC }, + {ENCR_3DES, SADB_EALG_3DESCBC }, ++#ifdef SADB_X_EALG_CAMELLIACBC ++ {ENCR_CAMELLIA_CBC, SADB_X_EALG_CAMELLIACBC }, ++#endif + /* {ENCR_RC5, 0 }, */ + /* {ENCR_IDEA, 0 }, */ + {ENCR_CAST, SADB_X_EALG_CASTCBC }, + Property changes on: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: files/patch-src__starter__Makefile.am =================================================================== --- files/patch-src__starter__Makefile.am (revision 0) +++ files/patch-src__starter__Makefile.am (working copy) 
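Review bot: Nothing records why the port carries this Camellia-CBC mapping: the PR description lists only the EAP, DNSSEC and sample-config changes. Add a short comment at the top of the patch file saying that it maps `ENCR_CAMELLIA_CBC` to `SADB_X_EALG_CAMELLIACBC` where the kernel headers define it, and whether it has been sent upstream, so the next update knows when it can be dropped. The file is also named `...kernel_pfkey_ipsec.c.in` although it patches `kernel_pfkey_ipsec.c`; dropping the `.in` suffix would match the target. The encryption algorithm table continues outside the hunk.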
@@ -0,0 +1,8 @@ +--- src.old/starter/Makefile.am 2013-11-01 19:26:36.000000000 +0200 ++++ src/starter/Makefile.am 2013-11-01 20:38:39.000000000 +0200 +@@ -54,4 +54,4 @@ + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true +- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true ++ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true Property changes on: files/patch-src__starter__Makefile.am ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: files/patch-src__starter__Makefile.in =================================================================== --- files/patch-src__starter__Makefile.in (revision 0) +++ files/patch-src__starter__Makefile.in (working copy) 
@@ -0,0 +1,11 @@ +--- src.old/starter/Makefile.in 2013-11-01 19:26:36.000000000 +0200 ++++ src/starter/Makefile.in 2013-11-01 20:39:02.000000000 +0200 +@@ -794,7 +794,7 @@ + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true + test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true +- test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true ++ test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true + + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. Property changes on: files/patch-src__starter__Makefile.in ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: pkg-plist =================================================================== --- pkg-plist (revision 332396) +++ pkg-plist (working copy) @@ -1,5 +1,5 @@ -etc/ipsec.conf -etc/strongswan.conf +etc/ipsec.conf.sample +etc/strongswan.conf.sample lib/ipsec/libcharon.a lib/ipsec/libcharon.la lib/ipsec/libcharon.so 
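Review bot: In pkg-plist only the `.sample` files are listed, with no `@exec`/`@unexec` lines beside them in this hunk. A fresh install therefore appears to leave the daemon without `etc/ipsec.conf` and `etc/strongswan.conf`, unless a pkg-install script outside this diff creates them. The usual packing-list convention copies each sample to the live name when none exists, and on deinstall removes the live file only if it is still identical to the sample. Using `cp -p` keeps strongswan.conf at the mode 640 that the Makefile patch installs the sample with. The rest of pkg-plist is outside the hunk.

```text
@unexec if cmp -s %D/etc/ipsec.conf.sample %D/etc/ipsec.conf; then rm -f %D/etc/ipsec.conf; fi
etc/ipsec.conf.sample
@exec if [ ! -f %D/etc/ipsec.conf ]; then cp -p %D/%F %B/ipsec.conf; fi
@unexec if cmp -s %D/etc/strongswan.conf.sample %D/etc/strongswan.conf; then rm -f %D/etc/strongswan.conf; fi
etc/strongswan.conf.sample
@exec if [ ! -f %D/etc/strongswan.conf ]; then cp -p %D/%F %B/strongswan.conf; fi
```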
@@ -97,6 +97,9 @@ lib/ipsec/plugins/libstrongswan-pkcs8.a lib/ipsec/plugins/libstrongswan-pkcs8.la lib/ipsec/plugins/libstrongswan-pkcs8.so +lib/ipsec/plugins/libstrongswan-pkcs12.a +lib/ipsec/plugins/libstrongswan-pkcs12.la +lib/ipsec/plugins/libstrongswan-pkcs12.so lib/ipsec/plugins/libstrongswan-pubkey.a lib/ipsec/plugins/libstrongswan-pubkey.la lib/ipsec/plugins/libstrongswan-pubkey.so @@ -103,6 +106,9 @@ lib/ipsec/plugins/libstrongswan-random.a lib/ipsec/plugins/libstrongswan-random.la lib/ipsec/plugins/libstrongswan-random.so +lib/ipsec/plugins/libstrongswan-rc2.a +lib/ipsec/plugins/libstrongswan-rc2.la +lib/ipsec/plugins/libstrongswan-rc2.so lib/ipsec/plugins/libstrongswan-resolve.a lib/ipsec/plugins/libstrongswan-resolve.la lib/ipsec/plugins/libstrongswan-resolve.so @@ -118,6 +124,9 @@ lib/ipsec/plugins/libstrongswan-socket-default.a lib/ipsec/plugins/libstrongswan-socket-default.la lib/ipsec/plugins/libstrongswan-socket-default.so +lib/ipsec/plugins/libstrongswan-sshkey.a +lib/ipsec/plugins/libstrongswan-sshkey.la +lib/ipsec/plugins/libstrongswan-sshkey.so lib/ipsec/plugins/libstrongswan-stroke.a lib/ipsec/plugins/libstrongswan-stroke.la lib/ipsec/plugins/libstrongswan-stroke.so @@ -141,6 +150,11 @@ libexec/ipsec/stroke libexec/ipsec/whitelist sbin/ipsec +sbin/charon-cmd +%%RADIUS%%lib/ipsec/libradius.a +%%RADIUS%%lib/ipsec/libradius.la +%%RADIUS%%lib/ipsec/libradius.so +%%RADIUS%%lib/ipsec/libradius.so.0 %%SIMAKA%%lib/ipsec/libsimaka.a %%SIMAKA%%lib/ipsec/libsimaka.la %%SIMAKA%%lib/ipsec/libsimaka.so 
@@ -154,6 +168,12 @@ %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.a %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.la %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.so +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.a +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.la +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.so +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.a +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.la +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.so %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.a %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.la %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.so @@ -163,9 +183,19 @@ %%CURL%%lib/ipsec/plugins/libstrongswan-curl.a %%CURL%%lib/ipsec/plugins/libstrongswan-curl.la %%CURL%%lib/ipsec/plugins/libstrongswan-curl.so +%%HA%%lib/ipsec/plugins/libstrongswan-ha.a +%%HA%%lib/ipsec/plugins/libstrongswan-ha.la +%%HA%%lib/ipsec/plugins/libstrongswan-ha.so %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.a +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.la +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.so +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.a +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.la +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.so +%%LOADTESTER%%libexec/ipsec/load-tester %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so 
@@ -182,6 +212,15 @@ %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.a %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.la %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.a +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.a +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.la +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.so +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.a +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.la +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.so @dirrm libexec/ipsec @dirrm lib/ipsec/plugins @dirrm lib/ipsec >Release-Note: >Audit-Trail: >Unformatted: