Index: head/net/ocserv/Makefile
===================================================================
--- head/net/ocserv/Makefile (revision 396230)
+++ head/net/ocserv/Makefile (revision 396231)
@@ -1,78 +1,76 @@ # Created by: Carlos J Puga Medina # $FreeBSD$ PORTNAME= ocserv -PORTVERSION= 0.10.7 +PORTVERSION= 0.10.8 CATEGORIES= net security MASTER_SITES= ftp://ftp.infradead.org/pub/ocserv/ MAINTAINER= cpm@fbsd.es COMMENT= Server implementing the AnyConnect SSL VPN protocol LICENSE= GPLv2 BUILD_DEPENDS= autogen:${PORTSDIR}/devel/autogen \ gsed:${PORTSDIR}/textproc/gsed \ bash:${PORTSDIR}/shells/bash LIB_DEPENDS= liblz4.so:${PORTSDIR}/archivers/liblz4 \ libiconv.so:${PORTSDIR}/converters/libiconv \ libtalloc.so:${PORTSDIR}/devel/talloc \ libprotobuf-c.so:${PORTSDIR}/devel/protobuf-c \ - libgnutls.so:${PORTSDIR}/security/gnutls + libgnutls.so:${PORTSDIR}/security/gnutls \ + libtasn1.so:${PORTSDIR}/security/libtasn1 USES= autoreconf cpe gmake gperf libtool ncurses pathfix pkgconfig readline tar:xz CPE_VENDOR= infradead CFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib -lintl GNU_CONFIGURE= yes USE_LDCONFIG= yes CONFIGURE_ARGS= --disable-nls \ --enable-local-libopts \ --without-http-parser \ --without-pcl-lib \ --without-radius USERS= _ocserv GROUPS= _ocserv USE_RC_SUBR= ocserv OPTIONS_DEFINE= DOCS EXAMPLES GSSAPI PORTDOCS= AUTHORS ChangeLog INSTALL NEWS README TODO PORTEXAMPLES= profile.xml sample.config sample.passwd -.include +GSSAPI_USES= gssapi:mit +GSSAPI_LIB_DEPENDS= libkrb5support.so:${PORTSDIR}/security/krb5 +GSSAPI_CONFIGURE_OFF= --without-gssapi -.if ${PORT_OPTIONS:MGSSAPI} -USES+= gssapi:mit -LIB_DEPENDS+= libkrb5support.so:${PORTSDIR}/security/krb5 -.else -CONFIGURE_ARGS+= --without-gssapi -.endif +.include post-patch: ${RM} ${WRKSRC}/doc/occtl.8 ${RM} ${WRKSRC}/doc/ocpasswd.8 ${RM} ${WRKSRC}/doc/ocserv.8 post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/occtl ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/ocpasswd ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/ocserv ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ocserv/ ${MKDIR} ${STAGEDIR}/var/run/ocserv/ ${CP} ${FILESDIR}/ocserv.conf ${STAGEDIR}${PREFIX}/etc/ocserv/conf.sample .if ${PORT_OPTIONS:MDOCS} 
${MKDIR} ${STAGEDIR}${DOCSDIR} cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} .endif .if ${PORT_OPTIONS:MEXAMPLES} ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR} .endif .include Index: head/net/ocserv/distinfo =================================================================== --- head/net/ocserv/distinfo (revision 396230) +++ head/net/ocserv/distinfo (revision 396231) @@ -1,2 +1,2 @@ -SHA256 (ocserv-0.10.7.tar.xz) = 222212baae53e7f74273245e1459d4132cda41ad255a21f1e42ab4cd240f431d -SIZE (ocserv-0.10.7.tar.xz) = 712232 +SHA256 (ocserv-0.10.8.tar.xz) = af989f27585d3567221ffc40babbb383bcd0ca6879e52bbcdee6ac3a90608454 +SIZE (ocserv-0.10.8.tar.xz) = 714404 Index: head/net/ocserv/files/patch-configure.ac =================================================================== --- head/net/ocserv/files/patch-configure.ac (revision 396230) +++ head/net/ocserv/files/patch-configure.ac (revision 396231) 
@@ -1,36 +1,29 @@ ---- configure.ac.orig 2015-08-06 16:43:09 UTC +--- configure.ac.orig 2015-09-04 19:27:22 UTC +++ configure.ac -@@ -16,11 +16,11 @@ AM_PROG_CC_C_O - if [ test "$GCC" = "yes" ];then - CFLAGS="$CFLAGS -Wall" +@@ -19,7 +19,7 @@ if [ test "$GCC" = "yes" ];then fi --AC_PATH_PROG(CTAGS, ctags, /bin/true) --AC_PATH_PROG(CSCOPE, cscope, /bin/true) --AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [/bin/true]) -+AC_PATH_PROG(CTAGS, ctags, /usr/bin/true) -+AC_PATH_PROG(CSCOPE, cscope, /usr/bin/true) + AC_PATH_PROG(CTAGS, ctags, [:]) + AC_PATH_PROG(CSCOPE, cscope, [:]) +-AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [:]) +AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [autogen]) --if test x"$AUTOGEN" = "x/bin/true"; then -+if test x"$AUTOGEN" = "x:"; then + if test x"$AUTOGEN" = "x:"; then AC_MSG_WARN([[ - *** - *** autogen not found. Will not link against libopts. -@@ -124,7 +124,7 @@ if test "$test_for_libnl" = yes;then +@@ -125,7 +125,7 @@ if test "$test_for_libnl" = yes;then fi have_readline=no -AC_LIB_HAVE_LINKFLAGS(readline,, [ +AC_LIB_HAVE_LINKFLAGS(readline,ncurses, [ #include #include ], [rl_replace_line(0,0);]) if test x$ac_cv_libreadline = xyes; then -@@ -441,7 +441,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";the +@@ -442,7 +442,7 @@ if test "$NEED_LIBOPTS_DIR" = "true";the cp -f $i $nam fi done -- AC_SUBST([AUTOGEN], [/bin/true]) +- AC_SUBST([AUTOGEN], [:]) + AC_SUBST([AUTOGEN], [autogen]) enable_local_libopts=yes else enable_local_libopts=no Index: head/net/ocserv/files/patch-doc_Makefile.am =================================================================== --- head/net/ocserv/files/patch-doc_Makefile.am (revision 396230) +++ head/net/ocserv/files/patch-doc_Makefile.am (revision 396231) @@ -1,42 +1,42 @@ ---- doc/Makefile.am.orig 2015-05-26 16:33:38 UTC +--- doc/Makefile.am.orig 2015-08-18 19:48:03 UTC +++ doc/Makefile.am 
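Review bot: With the not-found value of `AC_CHECK_PROG([AUTOGEN], [autogen], [autogen], [autogen])` now `autogen` instead of `:`, the unchanged `if test x"$AUTOGEN" = "x:"; then` branch directly below it can no longer be taken. configure will therefore never print the "autogen not found" warning, and a missing autogen would only surface later, in the doc recipes. The port lists autogen in BUILD_DEPENDS, so this is presumably deliberate. A one-line comment next to that dependency in the port Makefile, for example `# autogen is required; patch-configure.ac forces AUTOGEN=autogen`, would stop a later refresh from restoring the `[:]` fallback. The body of the `if` continues outside the hunk.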
@@ -5,18 +5,27 @@ EXTRA_DIST = design.dia sample.config sc dist_man_MANS = ocserv.8 ocpasswd.8 occtl.8 -ocserv.8: ../src/ocserv-args.def -- -sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ +- -$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ - @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ - rm -f "$<".tmp +ocserv.8: + -gsed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' \ + ../src/ocserv-args.def > ../src/ocserv-args.def.tmp && \ + @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl \ + ../src/ocserv-args.def.tmp && \ + rm -f ../src/ocserv-args.def.tmp + sed -I -e 's/^\.NOP //' $@ -occtl.8: ../src/occtl-args.def -- -sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ +- -$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ - @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ - rm -f "$<".tmp +occtl.8: + -gsed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' \ + ../src/occtl-args.def > ../src/occtl-args.def.tmp && \ + @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl \ + ../src/occtl-args.def.tmp && \ + rm -f ../src/occtl-args.def.tmp + sed -I -e 's/^\.NOP //' $@ -ocpasswd.8: ../src/ocpasswd-args.def -- -sed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ +- -$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ - @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ - rm -f "$<".tmp +ocpasswd.8: + -gsed 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' \ + ../src/ocpasswd-args.def > ../src/ocpasswd-args.def.tmp && \ + @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl \ + ../src/ocpasswd-args.def.tmp && \ + rm -f ../src/ocpasswd-args.def.tmp + sed -I -e 's/^\.NOP //' $@ Index: head/net/ocserv/files/patch-src_config.c =================================================================== --- head/net/ocserv/files/patch-src_config.c (revision 396230) +++ head/net/ocserv/files/patch-src_config.c (revision 396231) 
@@ -1,31 +1,31 @@ ---- src/config.c.orig 2015-07-18 10:35:29 UTC +--- src/config.c.orig 2015-09-04 19:27:22 UTC +++ src/config.c -@@ -52,8 +52,7 @@ +@@ -51,8 +51,7 @@ #include #include "common-config.h" -#define OLD_DEFAULT_CFG_FILE "/etc/ocserv.conf" -#define DEFAULT_CFG_FILE "/etc/ocserv/ocserv.conf" +#define DEFAULT_CFG_FILE "/usr/local/etc/ocserv/conf" static char pid_file[_POSIX_PATH_MAX] = ""; - static const char* cfg_file = DEFAULT_CFG_FILE; -@@ -414,7 +413,7 @@ static void figure_auth_funcs(struct per + static char cfg_file[_POSIX_PATH_MAX] = DEFAULT_CFG_FILE; +@@ -416,7 +415,7 @@ static void figure_auth_funcs(struct per } talloc_free(auth[j]); } - fprintf(stderr, "Setting '%s' as primary authentication method\n", config->auth[0].name); + /* fprintf(stderr, "Setting '%s' as primary authentication method\n", config->auth[0].name); */ } else { unsigned x = config->auth_methods; /* Append authentication methods (alternative options) */ -@@ -583,9 +582,6 @@ size_t urlfw_size = 0; +@@ -586,9 +585,6 @@ size_t urlfw_size = 0; #endif pov = configFileLoad(file); - if (pov == NULL && file != NULL && strcmp(file, DEFAULT_CFG_FILE) == 0) - pov = configFileLoad(OLD_DEFAULT_CFG_FILE); - if (pov == NULL) { fprintf(stderr, "Error loading config file %s\n", file); exit(1); Index: head/net/ocserv/files/patch-src_main-ctl-unix.c =================================================================== --- head/net/ocserv/files/patch-src_main-ctl-unix.c (revision 396230) +++ head/net/ocserv/files/patch-src_main-ctl-unix.c (revision 396231) 
@@ -1,55 +1,57 @@ ---- src/main-ctl-unix.c.orig 2015-05-26 16:33:38 UTC +--- src/main-ctl-unix.c.orig 2015-08-28 19:13:38 UTC +++ src/main-ctl-unix.c -@@ -110,10 +110,15 @@ int ctl_handler_init(main_server_st * s) +@@ -110,12 +110,15 @@ int ctl_handler_init(main_server_st * s) struct sockaddr_un sa; int sd, e; -- if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL) -+ mslog(s, NULL, LOG_INFO, "using control unix socket: %s", s->perm_config->occtl_socket_file); +- if (s->config->use_occtl == 0 || s->perm_config->occtl_socket_file == NULL) { +- mslog(s, NULL, LOG_INFO, "not using control unix socket"); +- return 0; ++ mslog(s, NULL, LOG_INFO, "using control unix socket: %s", s->perm_config->occtl_socket_file); + -+ if (s->config->use_occtl == 0 || -+ s->perm_config->occtl_socket_file == NULL) { -+ mslog(s, NULL, LOG_INFO, "not using control unix socket"); - return 0; -+ } ++ if (s->config->use_occtl == 0 || ++ s->perm_config->occtl_socket_file == NULL) { ++ mslog(s, NULL, LOG_INFO, "not using control unix socket"); ++ return 0; + } - mslog(s, NULL, LOG_DEBUG, "initializing control unix socket: %s", s->perm_config->occtl_socket_file); + mslog(s, NULL, LOG_INFO, "initializing control unix socket: %s", s->perm_config->occtl_socket_file); memset(&sa, 0, sizeof(sa)); sa.sun_family = AF_UNIX; strlcpy(sa.sun_path, s->perm_config->occtl_socket_file, sizeof(sa.sun_path)); -@@ -122,7 +127,7 @@ int ctl_handler_init(main_server_st * s) +@@ -124,7 +127,7 @@ int ctl_handler_init(main_server_st * s) sd = socket(AF_UNIX, SOCK_STREAM, 0); if (sd == -1) { e = errno; - mslog(s, NULL, LOG_ERR, "could not create socket '%s': %s", + mslog(s, NULL, LOG_INFO, "could not create socket '%s': %s", s->perm_config->occtl_socket_file, strerror(e)); return -1; } -@@ -131,7 +136,7 @@ int ctl_handler_init(main_server_st * s) +@@ -133,7 +136,7 @@ int ctl_handler_init(main_server_st * s) ret = bind(sd, (struct sockaddr *)&sa, SUN_LEN(&sa)); if (ret == -1) { e = errno; - mslog(s, 
NULL, LOG_ERR, "could not bind socket '%s': %s", + mslog(s, NULL, LOG_INFO, "could not bind socket '%s': %s", s->perm_config->occtl_socket_file, strerror(e)); return -1; } -@@ -139,14 +144,14 @@ int ctl_handler_init(main_server_st * s) +@@ -141,14 +144,14 @@ int ctl_handler_init(main_server_st * s) ret = chown(s->perm_config->occtl_socket_file, s->perm_config->uid, s->perm_config->gid); if (ret == -1) { e = errno; - mslog(s, NULL, LOG_ERR, "could not chown socket '%s': %s", + mslog(s, NULL, LOG_INFO, "could not chown socket '%s': %s", s->perm_config->occtl_socket_file, strerror(e)); } ret = listen(sd, 1024); if (ret == -1) { e = errno; - mslog(s, NULL, LOG_ERR, "could not listen to socket '%s': %s", + mslog(s, NULL, LOG_INFO, "could not listen to socket '%s': %s", s->perm_config->occtl_socket_file, strerror(e)); return -1; } Index: head/net/ocserv/files/patch-src_main.c =================================================================== --- head/net/ocserv/files/patch-src_main.c (revision 396230) +++ head/net/ocserv/files/patch-src_main.c (revision 396231) 
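Review bot: The added `mslog(s, NULL, LOG_INFO, "using control unix socket: %s", s->perm_config->occtl_socket_file);` runs before the guard that checks `use_occtl` and `occtl_socket_file == NULL`. It can therefore pass a NULL pointer to `%s`, and it logs "using" even when the next branch logs "not using control unix socket" and returns. Moving that call below the guard, or dropping it since the "initializing control unix socket" message follows, avoids both. The patch also lowers the socket, bind, chown and listen failure messages from `LOG_ERR` to `LOG_INFO`. A failure to create or chown the occtl control socket is something an operator filtering on priority should still see, so I would keep `LOG_ERR` on those four calls unless the reason for the downgrade is recorded. ctl_handler_init continues outside the hunk.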
@@ -1,14 +1,14 @@ ---- src/main.c.orig 2015-07-01 18:41:01 UTC +--- src/main.c.orig 2015-08-31 19:19:45 UTC +++ src/main.c -@@ -131,8 +131,9 @@ int y; - perror("setsockopt(IP_PKTINFO) failed"); +@@ -135,8 +135,9 @@ int y; #elif defined(IP_RECVDSTADDR) /* *BSD */ - y = 1; -- if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, -- (const void *)&y, sizeof(y)) < 0) -+ if (family == AF_INET && -+ setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, -+ (const void *)&y, sizeof(y)) < 0) - perror("setsockopt(IP_RECVDSTADDR) failed"); + if (family == AF_INET) { + y = 1; +- if (setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, +- (const void *)&y, sizeof(y)) < 0) ++ if (family == AF_INET && ++ setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, ++ (const void *)&y, sizeof(y)) < 0) + perror("setsockopt(IP_RECVDSTADDR) failed"); + } #endif - #if defined(IPV6_RECVPKTINFO) Index: head/net/ocserv/files/patch-src_ocserv-args.def =================================================================== --- head/net/ocserv/files/patch-src_ocserv-args.def (revision 396230) +++ head/net/ocserv/files/patch-src_ocserv-args.def (revision 396231) @@ -1,56 +1,56 @@ ---- src/ocserv-args.def.orig 2015-07-15 17:17:22 UTC +--- src/ocserv-args.def.orig 2015-08-31 19:19:45 UTC +++ src/ocserv-args.def @@ -68,7 +68,7 @@ doc-section = { ds-format = 'texi'; ds-text = <<-_EOT_ @subheading ocserv's configuration file format -By default, if no other file is specified, ocserv looks for its configuration file at @file{/etc/ocserv/ocserv.conf}. +By default, if no other file is specified, ocserv looks for its configuration file at @file{/usr/local/etc/ocserv/conf}. An example configuration file follows. @example 
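Review bot: The `family == AF_INET &&` that this patch adds to the `setsockopt(fd, IPPROTO_IP, IP_RECVDSTADDR, ...)` condition is now redundant, because the refreshed context shows the call already sits inside `if (family == AF_INET) {`. The patch file looks removable rather than something to refresh, which would leave one fewer local modification to carry on a network-facing daemon. The enclosing function starts outside the hunk.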
@@ -87,7 +87,7 @@ An example configuration file follows. # This enabled PAM authentication of the user. The gid-min option is used # by auto-select-group option, in order to select the minimum valid group ID. # -# plain[passwd=/etc/ocserv/ocpasswd] +# plain[passwd=/usr/local/etc/ocserv/ocpasswd] # The plain option requires specifying a password file which contains # entries of the following format. # "username:groupname1,groupname2:encoded-password" 
@@ -119,7 +119,7 @@ An example configuration file follows. #auth = "certificate" #auth = "pam" #auth = "pam[gid-min=1000]" -#auth = "plain[passwd=/etc/ocserv/ocpasswd]" -+#auth = "plain[passwd=/usr/local/etc/ocserv/passwd]" ++#auth = "plain[passwd=/usr/local/etc/ocserv/ocpasswd]" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" # Specify alternative authentication methods that are sufficient -@@ -431,7 +431,7 @@ rekey-method = ssl +@@ -429,7 +429,7 @@ rekey-method = ssl use-occtl = true # PID file. It can be overriden in the command line. -pid-file = /var/run/ocserv.pid +pid-file = /var/run/ocserv/pid # Set the protocol-defined priority (SO_PRIORITY) for packets to # be sent. That is a number from 0 to 6 with 0 being the lowest -@@ -555,13 +555,13 @@ no-route = 192.168.5.0/255.255.255.0 +@@ -553,13 +553,13 @@ no-route = 192.168.5.0/255.255.255.0 # Also explicit addresses, are only allowed when they are odd. In that # case the next even address will be used as the remote address (in PtP). -#config-per-user = /etc/ocserv/config-per-user/ -#config-per-group = /etc/ocserv/config-per-group/ +#config-per-user = /usr/local/etc/ocserv/config-per-user/ +#config-per-group = /usr/local/etc/ocserv/config-per-group/ # When config-per-xxx is specified and there is no group or user that # matches, then utilize the following configuration. -#default-user-config = /etc/ocserv/defaults/user.conf -#default-group-config = /etc/ocserv/defaults/group.conf +#default-user-config = /usr/local/etc/ocserv/defaults/user.conf +#default-group-config = /usr/local/etc/ocserv/defaults/group.conf # The system command to use to setup a route. %{R} will be replaced with the # route/mask and %{D} with the (tun) device.