Index: head/Mk/Uses/ssl.mk
===================================================================
--- head/Mk/Uses/ssl.mk (revision 437667)
+++ head/Mk/Uses/ssl.mk (revision 437668)
@@ -1,127 +1,109 @@ # $FreeBSD$ # # Handle dependency on *ssl ports. # # Feature: SSL_DEFAULT # Usage: USES=ssl # Valid ARGS: none (build and run), build, run # # The user can choose which ssl library he wants with: # # DEFAULT_VERSIONS+= ssl= # # Variants being base, openssl, openssl-devel, libressl, and libressl-devel. # # The Makefile sets these variables: # OPENSSLBASE - "/usr" or ${LOCALBASE} # OPENSSLDIR - path to openssl # OPENSSLLIB - path to the libs # OPENSSLINC - path to the matching includes # OPENSSLRPATH - rpath for dynamic linker # # MAKE_ENV - extended with the variables above # BUILD_DEPENDS - are added if needed # RUN_DEPENDS - are added if needed # # MAINTAINER: portmgr@FreeBSD.org # .if !defined(_INCLUDE_USES_SSL_MK) _INCLUDE_USES_SSL_MK= yes .if !empty(ssl_ARGS:Nbuild:Nrun) IGNORE= "USES=ssl invalid arguments ${ssl_ARGS}." .endif .if empty(ssl_ARGS) || (!empty(ssl_ARGS:Mbuild) && !empty(ssl_ARGS:Mrun)) _SSL_BUILD_DEP= 1 _SSL_RUN_DEP= 1 .elif !empty(ssl_ARGS:Mbuild) _SSL_BUILD_DEP= 1 .elif !empty(ssl_ARGS:Mrun) _SSL_RUN_DEP= 1 .endif .if ${SSL_DEFAULT} == base OPENSSLBASE= /usr OPENSSLDIR?= /etc/ssl . if !exists(${DESTDIR}/usr/lib/libcrypto.so) check-depends:: @${ECHO_CMD} "Dependency error: This port requires the OpenSSL library, which is part of" @${ECHO_CMD} "the FreeBSD crypto distribution, but not installed on your" @${ECHO_CMD} "machine. Please see the \"OpenSSL\" section in the handbook" @${ECHO_CMD} "(at \"http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/openssl.html\", for instance)" @${ECHO_CMD} "for instructions on how to obtain and install the FreeBSD" @${ECHO_CMD} "OpenSSL distribution." @${FALSE} . endif . if exists(${LOCALBASE}/lib/libcrypto.so) check-depends:: @${ECHO_CMD} "Dependency error: This port wants the OpenSSL library from the FreeBSD" @${ECHO_CMD} "base system. You can't build against it, while a newer" @${ECHO_CMD} "version is installed by a port." 
@${ECHO_CMD} "Please deinstall the port, remove DEFAULT_VERSIONS=ssl=base or undefine WITH_OPENSSL_BASE." @${FALSE} . endif -# OpenSSL in the base system may not include IDEA for patent licensing reasons. -. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA) -OPENSSL_IDEA= ${MAKE_IDEA} -. else -OPENSSL_IDEA?= NO -. endif - -. if ${OPENSSL_IDEA} == "NO" -# XXX This is a hack to work around the fact that /etc/make.conf clobbers -# our CFLAGS. It might not be enough for all future ports. -. if defined(HAS_CONFIGURE) -CFLAGS+= -DNO_IDEA -. else -OPENSSL_CFLAGS+= -DNO_IDEA -. endif -MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}" -. endif - .else # ${SSL_DEFAULT} != base OPENSSLBASE= ${LOCALBASE} OPENSSL_PORT= security/${SSL_DEFAULT} # Get OPENSSL_SHLIBVER from the port .sinclude <${PORTSDIR}/${OPENSSL_PORT}/version.mk> . if !defined(OPENSSL_SHLIBVER) .error You are using an unsupported SSL provider ${SSL_DEFAULT} . endif OPENSSLDIR?= ${OPENSSLBASE}/openssl .if defined(_SSL_BUILD_DEP) BUILD_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} .endif .if defined(_SSL_RUN_DEP) RUN_DEPENDS+= ${LOCALBASE}/lib/libcrypto.so.${OPENSSL_SHLIBVER}:${OPENSSL_PORT} .endif OPENSSLRPATH= ${LOCALBASE}/lib .endif OPENSSLLIB= ${OPENSSLBASE}/lib OPENSSLINC= ${OPENSSLBASE}/include MAKE_ENV+= OPENSSLBASE=${OPENSSLBASE} MAKE_ENV+= OPENSSLDIR=${OPENSSLDIR} MAKE_ENV+= OPENSSLINC=${OPENSSLINC} MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} .if defined(OPENSSLRPATH) . if defined(USE_OPENSSL_RPATH) CFLAGS+= -Wl,-rpath,${OPENSSLRPATH} . endif MAKE_ENV+= OPENSSLRPATH=${OPENSSLRPATH} OPENSSL_LDFLAGS+= -Wl,-rpath,${OPENSSLRPATH} .endif LDFLAGS+= ${OPENSSL_LDFLAGS} .endif Index: head/net/pipsecd/Makefile =================================================================== --- head/net/pipsecd/Makefile (revision 437667) +++ head/net/pipsecd/Makefile (revision 437668) 
@@ -1,32 +1,32 @@ # Created by: Patrick Bihan-Faou # $FreeBSD$ PORTNAME= pipsecd PORTVERSION= 19991014 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= net security MASTER_SITES= http://perso.telecom-paristech.fr/~beyssac/pipsec/ \ http://www.komquats.com/distfiles/ DISTNAME= pipsec-19991014 MAINTAINER= cy@FreeBSD.org COMMENT= Simple IPSEC tunnel tool from Pierre Beyssac USES+= ssl ALL_TARGET= pipsecd OPTIONS_DEFINE= DOCS do-install: ${INSTALL_PROGRAM} ${WRKSRC}/pipsecd ${STAGEDIR}${PREFIX}/sbin ${INSTALL_DATA} ${WRKSRC}/pipsecd.sh ${STAGEDIR}${PREFIX}/etc/rc.d # ${CHMOD} 755 ${STAGEDIR}${PREFIX}/etc/rc.d/pipsecd.sh; ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ipsec ${INSTALL_DATA} ${WRKSRC}/pipsecd.conf.sample ${STAGEDIR}${PREFIX}/etc/ipsec ${MKDIR} ${STAGEDIR}${PREFIX}/share/doc/pipsecd ${INSTALL_MAN} ${WRKSRC}/README ${STAGEDIR}${PREFIX}/share/doc/pipsecd ${INSTALL_MAN} ${WRKSRC}/COPYRIGHT ${STAGEDIR}${PREFIX}/share/doc/pipsecd ${INSTALL_MAN} ${WRKSRC}/README.port ${STAGEDIR}${PREFIX}/share/doc/pipsecd .include Index: head/net/pipsecd/files/patch-tunip.c =================================================================== --- head/net/pipsecd/files/patch-tunip.c (revision 437667) +++ head/net/pipsecd/files/patch-tunip.c (revision 437668) @@ -1,269 +1,209 @@ --- tunip.c.orig 1999-09-21 22:20:40 UTC +++ tunip.c 
@@ -35,6 +35,8 @@ #include #include #include +#include +#include #include #include #include -@@ -54,12 +56,14 @@ - #include - #include - #include -+#ifndef NO_IDEA - #include -+#endif +@@ -58,8 +60,8 @@ #include "defs.h" -#define _PATH_CONF "/etc/ipsec/pipsecd.conf" -#define _PATH_STARTUP "/etc/ipsec/startup" +#define _PATH_CONF FILE_PREFIX "/etc/ipsec/pipsecd.conf" +#define _PATH_STARTUP FILE_PREFIX "/etc/ipsec/startup" #define _PATH_DEV_RANDOM "/dev/random" #ifdef USE_ETHERTAP -@@ -100,6 +104,7 @@ struct ethtap_header ethtap; +@@ -100,6 +102,7 @@ struct ethtap_header ethtap; #endif unsigned char buf[MAX_HEADER+MAX_PACKET]; +char *cmd; typedef union { MD5_CTX md5; -@@ -124,14 +129,16 @@ typedef struct hash_method { +@@ -124,11 +127,11 @@ typedef struct hash_method { typedef union { BF_KEY bf; - des_key_schedule des; + DES_key_schedule des; struct { - des_key_schedule k1; - des_key_schedule k2; - des_key_schedule k3; + DES_key_schedule k1; + DES_key_schedule k2; + DES_key_schedule k3; } des3; CAST_KEY cast; -+#ifndef NO_IDEA IDEA_KEY_SCHEDULE idea; -+#endif - } crypt_key; - - typedef struct crypt_method { -@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv, - void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk, - unsigned char *ct, unsigned int len); - int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k); -+#ifndef NO_IDEA - void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len); - void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk, - unsigned char *ct, unsigned int len); - int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k); - int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k); -+#endif - void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len); - void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk, -@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = { - - hash_method_t *hash_list = 
&hash_ripemd160; - -+#ifndef NO_IDEA - crypt_method_t crypt_idea = { - NULL, - "idea_cbc", 8, 8, - my_idea_cbc_encrypt, my_idea_cbc_decrypt, - my_idea_set_encrypt_key, my_idea_set_decrypt_key - }; -+#endif - crypt_method_t crypt_cast = { -+#ifndef NO_IDEA - &crypt_idea, -+#else -+ NULL, -+#endif - "cast_cbc", 8, 8, - cast_cbc_encrypt, cast_cbc_decrypt, - cast_setkey, cast_setkey -@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this, +@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this, */ int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd) { - int sent; + int sent, i; if (this->link_header_size) { encap->buflen += this->link_header_size; encap->buf -= this->link_header_size; memcpy(encap->buf, this->link_header, this->link_header_size); } +#if 0 + printf ("Packet sent to tun dev:"); + for (i = 0; i < encap->buflen; i++) { + if (!(i % 16)) + printf ("\n "); + printf (" %02x", encap->buf[i]); + } + printf ("\n\n"); +#endif sent = write(fd, encap->buf, encap->buflen); if (sent != encap->buflen) syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent); -@@ -1120,6 +1144,7 @@ void config_read(FILE *cf) +@@ -1120,6 +1132,7 @@ void config_read(FILE *cf) } } else if (strcmp(arg, "if") == 0) { int fd; + int i = 0; struct sa_desc *local_sa, *remote_sa; struct peer_desc *peer; -@@ -1128,6 +1153,7 @@ void config_read(FILE *cf) +@@ -1128,6 +1141,7 @@ void config_read(FILE *cf) perror(arg); continue; } + ioctl (fd, TUNSIFHEAD, &i); local_sa = NULL; remote_sa = NULL; -@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign - return 0; - } - -+#ifndef NO_IDEA - void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, - unsigned char *t, unsigned int len) - { -@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha - idea_set_decrypt_key(&k->idea, &k->idea); - return 0; - } -+#endif - +@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, unsigned char 
*t, unsigned int len) { - des_cbc_encrypt(t, t, len, ek->des, iv, DES_ENCRYPT); + DES_cbc_encrypt(t, t, len, &ek->des, iv, DES_ENCRYPT); } void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk, -@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i +@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i for (i = 0; i < len; i++) printf(" %02x", ct[i]); printf("\n"); #endif - des_cbc_encrypt(ct, ct, len, dk->des, iv, DES_DECRYPT); + DES_cbc_encrypt(ct, ct, len, &dk->des, iv, DES_DECRYPT); #if 0 printf("%d bytes after decrypt\n", len); for (i = 0; i < len; i++) printf(" %02x", ct[i]); -@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i +@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k) { if (len == 8) - return des_set_key(b, k->des); + return DES_set_key(b, &k->des); return -1; } void my_des3_cbc_encrypt(unsigned char *iv, crypt_key *ek, unsigned char *t, unsigned int len) { - des_ede3_cbc_encrypt(t, t, len, - ek->des3.k1, ek->des3.k2, ek->des3.k3, + DES_ede3_cbc_encrypt(t, t, len, + &ek->des3.k1, &ek->des3.k2, &ek->des3.k3, iv, DES_ENCRYPT); } void my_des3_cbc_decrypt(unsigned char *iv, crypt_key *dk, unsigned char *ct, unsigned int len) { - des_ede3_cbc_encrypt(ct, ct, len, - dk->des3.k1, dk->des3.k2, dk->des3.k3, + DES_ede3_cbc_encrypt(ct, ct, len, + &dk->des3.k1, &dk->des3.k2, &dk->des3.k3, iv, DES_DECRYPT); } -@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns +@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns if (len != 24) return -1; - if (des_set_key(b, k->des3.k1) != 0) + if (DES_set_key(b, &k->des3.k1) != 0) return -1; - if (des_set_key(b+8, k->des3.k2) != 0) + if (DES_set_key(b+8, &k->des3.k2) != 0) return -1; - if (des_set_key(b+16, k->des3.k3) != 0) + if (DES_set_key(b+16, &k->des3.k3) != 0) return -1; return 0; -@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign +@@ -2081,6 +2095,11 @@ int 
null_setkey(unsigned char *b, unsign return 0; } +void usage() +{ + fprintf(stderr, "%s: usage: [ -c CONFIG ] [ -s SCRIPT ]\n", cmd); + exit(1); +} int main(int argc, char **argv) { time_t t; -@@ -2088,9 +2121,14 @@ int main(int argc, char **argv) +@@ -2088,9 +2107,14 @@ int main(int argc, char **argv) int pack, i; struct sockaddr_in from; struct stat sb; + int ch; + char *path_conf = _PATH_CONF; + char *path_startup = _PATH_STARTUP; FILE *f; + cmd=argv[0]; + openlog ("pipsecd", LOG_PID, LOG_DAEMON); syslog (LOG_NOTICE, "pipsecd starting"); -@@ -2113,7 +2151,21 @@ int main(int argc, char **argv) +@@ -2113,7 +2137,21 @@ int main(int argc, char **argv) if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1) exit(1); - f = fopen(_PATH_CONF, "r"); + while ((ch = getopt(argc, argv, "c:s:")) != -1) { + switch (ch) { + case 'c': + path_conf = optarg; + break; + case 's': + path_startup = optarg; + break; + case '?': + default: + usage(); + } + } + + f = fopen(path_conf, "r"); if (f == NULL) { perror("configuration file"); exit(1); -@@ -2123,8 +2175,8 @@ int main(int argc, char **argv) +@@ -2123,8 +2161,8 @@ int main(int argc, char **argv) fclose(f); /* Execute startup script, if any */ - if (stat(_PATH_STARTUP, &sb) == 0 && (sb.st_mode & 0400)) - system(_PATH_STARTUP); + if (stat(path_startup, &sb) == 0 && (sb.st_mode & 0400)) + system(path_startup); /* Send a probe to every peer on startup */ for (i = 0; i < peer_num; i++) Index: head/security/netpgp/Makefile =================================================================== --- head/security/netpgp/Makefile (revision 437667) +++ head/security/netpgp/Makefile (revision 437668) 
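Review bot: In the embedded tunip.c patch, main() hands `path_startup` to `system()` after a `stat()` that only tests the owner-read bit (`sb.st_mode & 0400`), and that path can be supplied with `-s`. Because system() passes the string to /bin/sh and the daemon is presumably started as root, the guard should check what is about to run, for example `if (stat(path_startup, &sb) == 0 && S_ISREG(sb.st_mode) && sb.st_uid == 0 && !(sb.st_mode & (S_IWGRP|S_IWOTH)))`. The stat-then-system sequence is still racy, so running the validated path with fork/execv would at least remove shell interpretation of the argument. Separately, `ioctl (fd, TUNSIFHEAD, &i);` in config_read() ignores its return value; logging with `syslog(LOG_ERR, ...)` when it returns -1 would make a tun framing mismatch visible. Both main() and config_read() extend beyond the lines shown in the patch.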
@@ -1,25 +1,22 @@ # $FreeBSD$ PORTNAME= netpgp PORTVERSION= 20140220 CATEGORIES= security MASTER_SITES= ftp://ftp.netbsd.org/pub/pkgsrc/distfiles/LOCAL_PORTS/ MAINTAINER= johans@FreeBSD.org COMMENT= PGP signing, verification, encryption, and decryption program USES= libtool ssl USE_LDCONFIG= yes GNU_CONFIGURE= yes INSTALL_TARGET= install-strip .include CPPFLAGS+= -I${OPENSSLINC} CFLAGS+= -I${OPENSSLINC} -Wno-error LDFLAGS+= -L${OPENSSLLIB} -.if !exists(${OPENSSLINC}/openssl/idea.h) -CFLAGS+= -DOPENSSL_NO_IDEA -.endif .include Index: head/security/py-pow/Makefile =================================================================== --- head/security/py-pow/Makefile (revision 437667) +++ head/security/py-pow/Makefile (revision 437668) @@ -1,40 +1,40 @@ # Created by: ijliao # $FreeBSD$ PORTNAME= pow PORTVERSION= 0.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= SF/${PORTNAME}/POW/POW-${PORTVERSION} PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} DISTNAME= ${PORTNAME:tu}-${PORTVERSION} MAINTAINER= ports@FreeBSD.org COMMENT= Python OpenSSL Wrappers LICENSE= BSD3CLAUSE USES= python ssl USE_PYTHON= distutils PYDISTUTILS_PKGNAME= POW PORTDOCS= POW.pdf OPTIONS_DEFINE= DOCS post-patch: @${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py do-build: - cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET} + cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET} post-install: @${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} .for i in ${PORTDOCS} ${INSTALL_DATA} ${WRKSRC}/docs/${i} ${STAGEDIR}${DOCSDIR} .endfor .include