Index: head/security/ipsec-tools/Makefile
===================================================================
--- head/security/ipsec-tools/Makefile (revision 505536)
+++ head/security/ipsec-tools/Makefile (revision 505537)
@@ -1,134 +1,134 @@
 # Created by: vanhu
 # $FreeBSD$
 # TODO: - libipsec issue ?
 # - cleanup...
 # - SYSCONFDIR
 # - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
 PORTNAME= ipsec-tools
 PORTVERSION= 0.8.2
-PORTREVISION= 9
+PORTREVISION= 10
 CATEGORIES= security
 MASTER_SITES= SF
 MAINTAINER= ports@FreeBSD.org
 COMMENT= KAME racoon IKE daemon, ipsec-tools version
 LICENSE= BSD3CLAUSE
 USES= libtool tar:bzip2 ssl
 CONFLICTS= racoon-[0-9]*
 INSTALL_TARGET= install-strip
 USE_RC_SUBR= racoon
 GNU_CONFIGURE= yes
 USE_LDCONFIG= yes
 CONFIGURE_ARGS= --enable-shared --sysconfdir=${PREFIX}/etc/racoon \
 --localstatedir=${STATEDIR:S/\/racoon//} \
 --with-pkgversion=freebsd-${PORTVERSION}
 STATEDIR= /var/db/racoon
 SUB_LIST+= STATEDIR=${STATEDIR} REQUIREMOD=${REQUIREMOD}
 PLIST_SUB+= STATEDIR=${STATEDIR}
 OPTIONS_DEFINE= DEBUG IPV6 ADMINPORT STATS DPD NATT NATTF FRAG HYBRID PAM \
 RADIUS LDAP GSSAPI SAUNSPEC RC5 IDEA DOCS EXAMPLES WCPSKEY
 OPTIONS_DEFAULT= ADMINPORT DEBUG DPD NATT FRAG HYBRID WCPSKEY
 ADMINPORT_DESC= Enable Admin port
 STATS_DESC= Statistics logging function
 DPD_DESC= Dead Peer Detection
 NATT_DESC= NAT-Traversal (kernel-patch required before 11.1)
 NATTF_DESC= require NAT-Traversal (fail without kernel-patch)
 FRAG_DESC= IKE fragmentation payload support
 HYBRID_DESC= Hybrid, Xauth and Mode-cfg support
 SAUNSPEC_DESC= Unspecified SA mode
 RC5_DESC= RC5 encryption (patented)
 IDEA_DESC= IDEA encryption (patented)
 PAM_DESC= PAM authentication (Xauth server)
 RADIUS_DESC= Radius authentication (Xauth server)
 LDAP_DESC= LDAP authentication (Xauth server)
 WCPSKEY_DESC= Allow wildcard matching for pre-shared keys
 PORTDOCS= *
 PORTEXAMPLES= *
 DEBUG_CONFIGURE_ENABLE= debug
 IPV6_CONFIGURE_ENABLE= ipv6
 ADMINPORT_CONFIGURE_ENABLE=adminport
 STATS_CONFIGURE_ENABLE= stats
 DPD_CONFIGURE_ENABLE= dpd
 NATTF_VARS= NATT=yes
 NATTF_VARS_OFF= NATT=kernel
 NATT_CONFIGURE_ON= --enable-natt=${NATT} --enable-natt-versions=rfc
 NATT_CONFIGURE_OFF= --disable-natt
 FRAG_CONFIGURE_ENABLE= frag
 HYBRID_CONFIGURE_ENABLE=hybrid
 PAM_CONFIGURE_WITH= libpam
 GSSAPI_USES= iconv
 GSSAPI_CFLAGS= -I${LOCALBASE}/include
 GSSAPI_LDFLAGS= -L${LOCALBASE}/lib
 GSSAPI_CONFIGURE_ENABLE=gssapi
 RADIUS_CONFIGURE_WITH= libradius
 LDAP_USE= OPENLDAP=yes
 LDAP_CONFIGURE_ON= --with-libldap=${LOCALBASE}
 LDAP_CONFIGURE_OFF= --without-libldap
 SAUNSPEC_CONFIGURE_ENABLE= samode-unspec
 RC5_CONFIGURE_ENABLE= rc5
 IDEA_CONFIGURE_ENABLE= idea
-WCPSKEY_EXTRA_PATCHES= ${FILESDIR}/wildcard-psk.diff
 NATT_EXTRA_PATCHES= ${FILESDIR}/natt.diff
+WCPSKEY_EXTRA_PATCHES= ${FILESDIR}/wildcard-psk.diff ${FILESDIR}/wildcard-psk-oakley.c.diff
 .include
 .if ${OPSYS} == FreeBSD && ${OSVERSION} > 1100510
 REQUIREMOD?= ipsec
 .endif
 # Need to be patched for openssl-1.1.1 (default after 1200080)
 .if ${OPSYS} == FreeBSD
 . if ${OSVERSION} >= 1200085 && ${SSL_DEFAULT} != openssl
 BUILD_DEPENDS+= automake>=0:devel/automake
 . endif
 .endif
 post-patch:
 @${REINPLACE_CMD} -e "s/-Werror//g ; s/-R$$libdir/-Wl,-rpath=$$libdir/g" ${WRKSRC}/configure
 # Need to be patched for openssl-1.1.1 (default after 1200080)
 .if ${OPSYS} == FreeBSD
 . if ${OSVERSION} >= 1200085 && ${SSL_DEFAULT} != openssl
 post-configure:
 @${REINPLACE_CMD} -e "s/automake-1.14/automake-1.16/g" ${WRKSRC}/Makefile ${WRKSRC}/*/Makefile \
 ${WRKSRC}/*/*/Makefile
 @${REINPLACE_CMD} -e "s/aclocal-1.14/aclocal-1.16/g" ${WRKSRC}/Makefile ${WRKSRC}/*/Makefile \
 ${WRKSRC}/*/*/Makefile
 . endif
 .endif
 post-install:
 @${MKDIR} ${STAGEDIR}/${PREFIX}/etc/racoon
 @if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \
 ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
 ${ECHO_MSG} " You must build the kernel if you want to run racoon on the host"; \
 fi ;
 post-install-EXAMPLES-on:
 @${MKDIR} ${STAGEDIR}/${EXAMPLESDIR}
 @${RM} ${WRKSRC}/src/racoon/samples/*.in
 @${CP} -r ${WRKSRC}/src/racoon/samples/* ${STAGEDIR}/${EXAMPLESDIR}
 post-install-DOCS-on:
 @${MKDIR} ${STAGEDIR}/${DOCSDIR}
 ${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${STAGEDIR}/${DOCSDIR}
 .if ${OPSYS} == FreeBSD
 . if ${OSVERSION} >= 1200085 && ${SSL_DEFAULT} != openssl
 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-aclocal.m4
 EXTRA_PATCHES+= ${FILESDIR}/extra-patch-ipsec-tools
 PLIST_FILES+= include/racoon/openssl_compat.h
 . endif
 .endif
 .include
Index: head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff
===================================================================
--- head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff (nonexistent)
+++ head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff (revision 505537)
@@ -0,0 +1,22 @@
+--- src/racoon/oakley.c.orig 2012-08-29 18:35:09.000000000 +0700
++++ src/racoon/oakley.c 2019-07-01 11:03:18.864245000 +0700
+@@ -2400,7 +2400,19 @@ oakley_skeyid(iph1)
+ case OAKLEY_ATTR_AUTH_METHOD_XAUTH_PSKEY_R:
+ #endif
+ if (iph1->etype != ISAKMP_ETYPE_IDENT) {
++ struct ipsecdoi_id_b *id_b;
++
++ id_b = (struct ipsecdoi_id_b *)iph1->id_p->v;
++ if (id_b->type != IPSECDOI_ID_IPV4_ADDR &&
++ id_b->type != IPSECDOI_ID_IPV6_ADDR)
+ iph1->authstr = getpskbyname(iph1->id_p);
++ else {
++ struct sockaddr addr;
++ u_int16_t ul_proto;
++ u_int8_t prefix;
++ if (!ipsecdoi_id2sockaddr(iph1->id_p, &addr, &prefix, &ul_proto))
++ iph1->authstr = getpskbyaddr(&addr);
++ }
+ if (iph1->authstr == NULL) {
+ if (iph1->rmconf->verify_identifier) {
+ plog(LLV_ERROR, LOCATION, iph1->remote,
Property changes on: head/security/ipsec-tools/files/wildcard-psk-oakley.c.diff
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
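Review bot: In the added `else` branch of wildcard-psk-oakley.c.diff, `struct sockaddr addr;` is handed to `ipsecdoi_id2sockaddr()` for both IPSECDOI_ID_IPV4_ADDR and IPSECDOI_ID_IPV6_ADDR, and a plain `struct sockaddr` is smaller than a `sockaddr_in6`. If the helper writes an IPv6 address into that buffer (its body is not on this page, so confirm), an IPv6 ID payload from the peer overruns the stack variable before the peer has been authenticated. Declare `struct sockaddr_storage addr;` and pass `(struct sockaddr *)&addr` to both `ipsecdoi_id2sockaddr()` and `getpskbyaddr()`. The cast `(struct ipsecdoi_id_b *)iph1->id_p->v` also reads `type` with no visible check that `iph1->id_p` is non-NULL and at least `sizeof(*id_b)` long; if nothing earlier in oakley_skeyid() guarantees that, add the check before the dereference. oakley_skeyid() starts and ends outside this hunk.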