Index: head/security/ipsec-tools/Makefile
===================================================================
--- head/security/ipsec-tools/Makefile (revision 468616)
+++ head/security/ipsec-tools/Makefile (revision 468617)
@@ -1,104 +1,104 @@ # Created by: vanhu # $FreeBSD$ # TODO: - libipsec issue ? # - cleanup... # - SYSCONFDIR # - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey PORTNAME= ipsec-tools PORTVERSION= 0.8.2 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= SF MAINTAINER= vanhu@FreeBSD.org COMMENT= KAME racoon IKE daemon, ipsec-tools version LICENSE= BSD3CLAUSE CONFLICTS= racoon-[0-9]* USE_RC_SUBR= racoon INSTALL_TARGET= install-strip USES= libtool tar:bzip2 ssl GNU_CONFIGURE= yes USE_LDCONFIG= yes CONFIGURE_ARGS= --enable-shared --sysconfdir=${PREFIX}/etc/racoon \ --localstatedir=${STATEDIR:S/\/racoon//} \ --with-pkgversion=freebsd-${PORTVERSION} STATEDIR= /var/db/racoon SUB_LIST+= STATEDIR=${STATEDIR} PLIST_SUB+= STATEDIR=${STATEDIR} OPTIONS_DEFINE= DEBUG IPV6 ADMINPORT STATS DPD NATT NATTF FRAG HYBRID PAM \ RADIUS LDAP GSSAPI SAUNSPEC RC5 IDEA DOCS EXAMPLES WCPSKEY OPTIONS_DEFAULT= DEBUG DPD NATT FRAG HYBRID ADMINPORT_DESC= Enable Admin port STATS_DESC= Statistics logging function DPD_DESC= Dead Peer Detection NATT_DESC= NAT-Traversal (kernel-patch required before 11.0-STABLE) NATTF_DESC= require NAT-Traversal (fail without kernel-patch) FRAG_DESC= IKE fragmentation payload support HYBRID_DESC= Hybrid, Xauth and Mode-cfg support SAUNSPEC_DESC= Unspecified SA mode RC5_DESC= RC5 encryption (patented) IDEA_DESC= IDEA encryption (patented) PAM_DESC= PAM authentication (Xauth server) RADIUS_DESC= Radius authentication (Xauth server) LDAP_DESC= LDAP authentication (Xauth server) WCPSKEY_DESC= Allow wildcard matching for pre-shared keys PORTDOCS= * PORTEXAMPLES= * DEBUG_CONFIGURE_ENABLE= debug IPV6_CONFIGURE_ENABLE= ipv6 ADMINPORT_CONFIGURE_ENABLE=adminport STATS_CONFIGURE_ENABLE= stats DPD_CONFIGURE_ENABLE= dpd NATTF_VARS= NATT=yes NATTF_VARS_OFF= NATT=kernel NATT_CONFIGURE_ON= --enable-natt=${NATT} --enable-natt-versions=rfc NATT_CONFIGURE_OFF= --disable-natt FRAG_CONFIGURE_ENABLE= frag HYBRID_CONFIGURE_ENABLE=hybrid PAM_CONFIGURE_WITH= libpam GSSAPI_USES= 
iconv GSSAPI_CFLAGS= -I${LOCALBASE}/include GSSAPI_LDFLAGS= -L${LOCALBASE}/lib GSSAPI_CONFIGURE_ENABLE=gssapi RADIUS_CONFIGURE_WITH= libradius LDAP_USE= OPENLDAP=yes LDAP_CONFIGURE_ON= --with-libldap=${LOCALBASE} LDAP_CONFIGURE_OFF= --without-libldap SAUNSPEC_CONFIGURE_ENABLE= samode-unspec RC5_CONFIGURE_ENABLE= rc5 IDEA_CONFIGURE_ENABLE= idea WCPSKEY_EXTRA_PATCHES= ${FILESDIR}/wildcard-psk.diff NATT_EXTRA_PATCHES= ${FILESDIR}/natt.diff post-patch: @${REINPLACE_CMD} -e "s/-Werror//g ; s/-R$$libdir/-Wl,-rpath=$$libdir/g" ${WRKSRC}/configure post-install: @${MKDIR} ${STAGEDIR}/${PREFIX}/etc/racoon @if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \ ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \ ${ECHO_MSG} " You must build the kernel if you want to run racoon on the host"; \ fi ; post-install-EXAMPLES-on: @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR} @${RM} ${WRKSRC}/src/racoon/samples/*.in @${CP} -r ${WRKSRC}/src/racoon/samples/* ${STAGEDIR}/${EXAMPLESDIR} post-install-DOCS-on: @${MKDIR} ${STAGEDIR}/${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${STAGEDIR}/${DOCSDIR} .include Index: head/security/ipsec-tools/files/patch-isakmpinit =================================================================== --- head/security/ipsec-tools/files/patch-isakmpinit (nonexistent) +++ head/security/ipsec-tools/files/patch-isakmpinit (revision 468617) 
@@ -0,0 +1,64 @@
+--- src/racoon/isakmp_var.h.orig 2010-11-12 16:36:37.000000000 +0600
++++ src/racoon/isakmp_var.h 2018-04-27 22:15:58.249644000 +0700
+@@ -128,7 +128,7 @@
+ #endif
+
+ extern int copy_ph1addresses __P(( struct ph1handle *,
+- struct remoteconf *, struct sockaddr *, struct sockaddr *));
++ struct remoteconf *, struct sockaddr *, struct sockaddr *, int));
+ extern void log_ph1established __P((const struct ph1handle *));
+
+ extern void script_hook __P((struct ph1handle *, int));
+--- src/racoon/isakmp.c.orig 2018-04-27 22:13:23.465260000 +0700
++++ src/racoon/isakmp.c 2018-04-27 22:20:44.865139000 +0700
+@@ -1075,7 +1075,7 @@ isakmp_ph1begin_i(rmconf, remote, local)
+ iph1->approval = NULL;
+
+ /* XXX copy remote address */
+- if (copy_ph1addresses(iph1, rmconf, remote, local) < 0) {
++ if (copy_ph1addresses(iph1, rmconf, remote, local, 1) < 0) {
+ delph1(iph1);
+ return NULL;
+ }
+@@ -1190,7 +1190,7 @@ isakmp_ph1begin_r(msg, remote, local, et
+
+ /* copy remote address; remote and local always contain
+ * port numbers so rmconf is not needed */
+- if (copy_ph1addresses(iph1, NULL, remote, local) < 0) {
++ if (copy_ph1addresses(iph1, NULL, remote, local, 0) < 0) {
+ delph1(iph1);
+ return -1;
+ }
+@@ -2906,10 +2906,11 @@ isakmp_printpacket(msg, from, my, decode
+ #endif /*HAVE_PRINT_ISAKMP_C*/
+
+ int
+-copy_ph1addresses(iph1, rmconf, remote, local)
++copy_ph1addresses(iph1, rmconf, remote, local, initiator)
+ struct ph1handle *iph1;
+ struct remoteconf *rmconf;
+ struct sockaddr *remote, *local;
++ int initiator;
+ {
+ u_int16_t port;
+
+@@ -2925,7 +2926,7 @@ copy_ph1addresses(iph1, rmconf, remote,
+ * if remote has port # (in case of responder - from recvfrom(2))
+ * respect content of "remote".
+ */
+- if (extract_port(iph1->remote) == 0) {
++ if (initiator || extract_port(iph1->remote) == 0) {
+ port = 0;
+ if (rmconf != NULL)
+ port = extract_port(rmconf->remote);
+--- src/racoon/isakmp_inf.c.orig 2018-04-27 22:13:23.482870000 +0700
++++ src/racoon/isakmp_inf.c 2018-04-27 22:21:27.080881000 +0700
+@@ -725,7 +725,7 @@ isakmp_info_send_nx(isakmp, remote, loca
+ #endif
+
+ /* copy remote address */
+- if (copy_ph1addresses(iph1, NULL, remote, local) < 0)
++ if (copy_ph1addresses(iph1, NULL, remote, local, 0) < 0)
+ goto end;
+
+ tlen = sizeof(*n) + spisiz;
Property changes on: head/security/ipsec-tools/files/patch-isakmpinit
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
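Review bot: The block comment directly above the changed test in copy_ph1addresses() still says a port already present in `remote` is respected, but with `initiator` set the new condition `if (initiator || extract_port(iph1->remote) == 0)` replaces that port with the one from `rmconf`. The comment should gain a line such as `* if called as initiator, ignore any port in "remote" and take it from rmconf (see above)`, so the next reader does not take the override for a bug. The new parameter is an undocumented `int` passed as a bare `1` in isakmp_ph1begin_i() and `0` in isakmp_ph1begin_r() and isakmp_info_send_nx(); a short comment at the definition saying non-zero means the local side starts phase 1 would make those call sites readable. The function body continues past the end of the nested hunk, so what happens when `rmconf` carries no port is not visible here.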