git: cf6fdfe01db0 - main - security/libreswan: New port: IPsec and IKE based firewall
Yuri Victorovich
yuri at FreeBSD.org
Sat May 22 01:21:15 UTC 2021
The branch main has been updated by yuri:
URL: https://cgit.FreeBSD.org/ports/commit/?id=cf6fdfe01db097233369f9b8f6ecc8e716e32923
commit cf6fdfe01db097233369f9b8f6ecc8e716e32923
Author: Yuri Victorovich <yuri at FreeBSD.org>
AuthorDate: 2021-05-22 01:19:49 +0000
Commit: Yuri Victorovich <yuri at FreeBSD.org>
CommitDate: 2021-05-22 01:20:52 +0000
security/libreswan: New port: IPsec and IKE based firewall
---
security/Makefile | 1 +
security/libreswan/Makefile | 45 ++++++++++++++++++++++
security/libreswan/distinfo | 7 ++++
security/libreswan/files/patch-include_fd.h | 10 +++++
.../files/patch-lib_libipsecconf_confread.c | 10 +++++
.../files/patch-lib_libipsecconf_keywords.c | 10 +++++
.../libreswan/files/patch-lib_libswan_addrtypeof.c | 10 +++++
.../libreswan/files/patch-lib_libswan_initaddr.c | 10 +++++
.../files/patch-lib_libswan_ip__address.c | 11 ++++++
.../libreswan/files/patch-lib_libswan_ip__encap.c | 10 +++++
.../files/patch-lib_libswan_ip__endpoint.c | 11 ++++++
.../libreswan/files/patch-lib_libswan_ip__info.c | 11 ++++++
.../libreswan/files/patch-lib_libswan_ttoaddress.c | 10 +++++
.../files/patch-programs_pluto_kernel__bsdkame.c | 13 +++++++
.../libreswan/files/patch-programs_pluto_packet.c | 10 +++++
security/libreswan/pkg-descr | 6 +++
security/libreswan/pkg-plist | 45 ++++++++++++++++++++++
17 files changed, 230 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index ad319e91e1ae..b6060eb1d6e4 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -310,6 +310,7 @@
SUBDIR += libpwstor
SUBDIR += libressl
SUBDIR += libressl-devel
+ SUBDIR += libreswan
SUBDIR += libretls
SUBDIR += libscep
SUBDIR += libscrypt
diff --git a/security/libreswan/Makefile b/security/libreswan/Makefile
new file mode 100644
index 000000000000..5acc76339fa0
--- /dev/null
+++ b/security/libreswan/Makefile
@@ -0,0 +1,45 @@
+PORTNAME= libreswan
+DISTVERSION= 4.4
+CATEGORIES= security
+MASTER_SITES= https://download.libreswan.org/
+
+PATCH_SITES= https://github.com/${PORTNAME}/${PORTNAME}/commit/
+PATCHFILES= e43bc147e1342df55f51df06ef886749111d2cff.patch:-p1 # fix for https://github.com/libreswan/libreswan/issues/448
+PATCHFILES+= 607237df81c9896743f9b2cb91faab01e4d1c3fc.patch:-p1 # BSD patches: https://github.com/libreswan/libreswan/commit/607237df81c9896743f9b2cb91faab01e4d1c3fc
+
+MAINTAINER= yuri at FreeBSD.org
+COMMENT= IPsec and IKE based firewall
+
+LICENSE= GPLv2
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+LIB_DEPENDS= libcurl.so:ftp/curl \
+ libevent.so:devel/libevent \
+ libldns.so:dns/ldns \
+ libnspr4.so:devel/nspr \
+ libnss3.so:security/nss \
+ libunbound.so:dns/unbound
+
+USES= bison gmake pkgconfig python
+
+CFLAGS+= -I${WRKSRC}/include/unbound
+LDFLAGS+= -lcrypt
+
+MAKE_ARGS= PKG_BASE=${LOCALBASE} \
+ NSS_CFLAGS="`pkg-config --cflags nss`" NSPR_LDFLAGS="`pkg-config --libs nss`" \
+ USE_PTHREAD_SETSCHEDPRIO=false \
+ WERROR_CFLAGS="" \
+ PYTHON_BINARY=${PYTHON_CMD}
+
+OPTIONS_DEFINE= DOCS
+
+post-configure:
+ @cd ${WRKSRC}/mk/defaults && \
+ ${RLN} netbsd.mk freebsd.mk
+
+post-install:
+.for f in _import_crl addconn algparse cavp dncheck ecdsasigkey enumcheck hunkcheck ipcheck jambufcheck keyidcheck pluto readwriteconf rsasigkey showhostkey timecheck whack
+ @${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/ipsec/${f}
+.endfor
+
+.include <bsd.port.mk>
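Review bot: The two `PATCHFILES` entries fetch GitHub-generated `.patch` renderings of commits, and those bytes are not guaranteed to stay stable: abbreviated index hashes in the output can lengthen as the upstream repository grows. The SHA256 lines in distinfo can then stop matching although the commit itself is unchanged. The ports convention, as I recall it from the Porters Handbook, is to request full index hashes, e.g. `PATCHFILES= e43bc147e1342df55f51df06ef886749111d2cff.patch?full_index=1:-p1`, and regenerate distinfo once. On a security port a checksum mismatch should signal a real change or tampering, not routine drift that gets fixed by refreshing hashes without reading the patch. Separately, `MAKE_ARGS` assigns the output of `pkg-config --libs nss` to `NSPR_LDFLAGS`; if `NSS_LDFLAGS` was intended, that is worth confirming against upstream's makefiles.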
diff --git a/security/libreswan/distinfo b/security/libreswan/distinfo
new file mode 100644
index 000000000000..5c9e6f8f0c52
--- /dev/null
+++ b/security/libreswan/distinfo
@@ -0,0 +1,7 @@
+TIMESTAMP = 1621641154
+SHA256 (libreswan-4.4.tar.gz) = 5f3f0a20d7097f20108bc93ba1255a778d8ffb8692d05f86383978c03c394976
+SIZE (libreswan-4.4.tar.gz) = 3503201
+SHA256 (e43bc147e1342df55f51df06ef886749111d2cff.patch) = d3f168c32501ee2de41b51a747921765c3d2bef555656c098041696f29e14806
+SIZE (e43bc147e1342df55f51df06ef886749111d2cff.patch) = 1279
+SHA256 (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 8a5c42b5b0c405a67fc4b178da10a9734e34fc44cb6f6c02ce63d8dd45e11253
+SIZE (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 14059
diff --git a/security/libreswan/files/patch-include_fd.h b/security/libreswan/files/patch-include_fd.h
new file mode 100644
index 000000000000..020743f2ca84
--- /dev/null
+++ b/security/libreswan/files/patch-include_fd.h
@@ -0,0 +1,10 @@
+--- include/fd.h.orig 2021-05-21 21:31:28 UTC
++++ include/fd.h
+@@ -26,6 +26,7 @@
+
+ #include <stdbool.h>
+ #include <stdlib.h> /* for ssize_t */
++#include <sys/types.h>
+
+ #include "where.h"
+
diff --git a/security/libreswan/files/patch-lib_libipsecconf_confread.c b/security/libreswan/files/patch-lib_libipsecconf_confread.c
new file mode 100644
index 000000000000..8c5788b1bea6
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libipsecconf_confread.c
@@ -0,0 +1,10 @@
+--- lib/libipsecconf/confread.c.orig 2021-05-21 21:27:40 UTC
++++ lib/libipsecconf/confread.c
+@@ -33,6 +33,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <assert.h>
++#include <sys/socket.h>
+
+ #include "lswalloc.h"
+ #include "ip_address.h"
diff --git a/security/libreswan/files/patch-lib_libipsecconf_keywords.c b/security/libreswan/files/patch-lib_libipsecconf_keywords.c
new file mode 100644
index 000000000000..7c007941568e
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libipsecconf_keywords.c
@@ -0,0 +1,10 @@
+--- lib/libipsecconf/keywords.c.orig 2021-05-21 21:28:14 UTC
++++ lib/libipsecconf/keywords.c
+@@ -28,6 +28,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <limits.h>
++#include <sys/socket.h>
+
+ #include <libreswan.h>
+ #include "constants.h"
diff --git a/security/libreswan/files/patch-lib_libswan_addrtypeof.c b/security/libreswan/files/patch-lib_libswan_addrtypeof.c
new file mode 100644
index 000000000000..3d8299c7e112
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_addrtypeof.c
@@ -0,0 +1,10 @@
+--- lib/libswan/addrtypeof.c.orig 2021-05-21 18:49:29 UTC
++++ lib/libswan/addrtypeof.c
+@@ -14,6 +14,7 @@
+ */
+
+ #include <string.h>
++#include <sys/socket.h>
+
+ #include "ip_address.h"
+ #include "ip_info.h"
diff --git a/security/libreswan/files/patch-lib_libswan_initaddr.c b/security/libreswan/files/patch-lib_libswan_initaddr.c
new file mode 100644
index 000000000000..5bffefeb1748
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_initaddr.c
@@ -0,0 +1,10 @@
+--- lib/libswan/initaddr.c.orig 2021-04-22 15:24:33 UTC
++++ lib/libswan/initaddr.c
+@@ -16,6 +16,7 @@
+ */
+
+ #include <string.h>
++#include <sys/socket.h>
+
+ #include "ip_info.h"
+ #include "ip_address.h"
diff --git a/security/libreswan/files/patch-lib_libswan_ip__address.c b/security/libreswan/files/patch-lib_libswan_ip__address.c
new file mode 100644
index 000000000000..c04a6c16759b
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_ip__address.c
@@ -0,0 +1,11 @@
+--- lib/libswan/ip_address.c.orig 2021-05-21 18:51:10 UTC
++++ lib/libswan/ip_address.c
+@@ -16,6 +16,8 @@
+ * License for more details.
+ */
+
++#include <sys/socket.h>
++
+ #include "jambuf.h"
+ #include "ip_address.h"
+ #include "lswlog.h" /* for dbg() */
diff --git a/security/libreswan/files/patch-lib_libswan_ip__encap.c b/security/libreswan/files/patch-lib_libswan_ip__encap.c
new file mode 100644
index 000000000000..ec0c30e2f9ba
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_ip__encap.c
@@ -0,0 +1,10 @@
+--- lib/libswan/ip_encap.c.orig 2021-05-21 18:52:58 UTC
++++ lib/libswan/ip_encap.c
+@@ -19,6 +19,7 @@
+ #ifdef linux
+ # include <linux/udp.h> /* for TCP_ENCAP_ESPINTCP and UDP_ENCAP_ESPINUDP */
+ #else
++# include <sys/types.h>
+ # include <netinet/udp.h> /* for UDP_ENCAP_ESPINUDP aka NAT */
+ #endif
+
diff --git a/security/libreswan/files/patch-lib_libswan_ip__endpoint.c b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c
new file mode 100644
index 000000000000..905a61816783
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_ip__endpoint.c
@@ -0,0 +1,11 @@
+--- lib/libswan/ip_endpoint.c.orig 2021-05-21 18:53:45 UTC
++++ lib/libswan/ip_endpoint.c
+@@ -14,6 +14,8 @@
+ *
+ */
+
++#include <sys/socket.h>
++
+ #include "jambuf.h"
+ #include "ip_endpoint.h"
+ #include "constants.h" /* for memeq() */
diff --git a/security/libreswan/files/patch-lib_libswan_ip__info.c b/security/libreswan/files/patch-lib_libswan_ip__info.c
new file mode 100644
index 000000000000..33d690c85c47
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_ip__info.c
@@ -0,0 +1,11 @@
+--- lib/libswan/ip_info.c.orig 2021-05-21 18:51:44 UTC
++++ lib/libswan/ip_info.c
+@@ -17,6 +17,8 @@
+ * for more details.
+ */
+
++#include <sys/socket.h>
++
+ #include "ietf_constants.h"
+ #include "ip_info.h"
+ #include "passert.h"
diff --git a/security/libreswan/files/patch-lib_libswan_ttoaddress.c b/security/libreswan/files/patch-lib_libswan_ttoaddress.c
new file mode 100644
index 000000000000..fb2ec579f6ca
--- /dev/null
+++ b/security/libreswan/files/patch-lib_libswan_ttoaddress.c
@@ -0,0 +1,10 @@
+--- lib/libswan/ttoaddress.c.orig 2021-05-21 18:49:01 UTC
++++ lib/libswan/ttoaddress.c
+@@ -18,6 +18,7 @@
+
+ #include <string.h>
+ #include <netdb.h> /* for gethostbyname2() */
++#include <sys/socket.h>
+
+ #include "ip_address.h"
+ #include "ip_info.h"
diff --git a/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c
new file mode 100644
index 000000000000..4c962ee0e7fe
--- /dev/null
+++ b/security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c
@@ -0,0 +1,13 @@
+--- programs/pluto/kernel_bsdkame.c.orig 2021-05-21 21:30:08 UTC
++++ programs/pluto/kernel_bsdkame.c
+@@ -24,6 +24,10 @@
+ #include <string.h>
+ #include <unistd.h>
+
++#if defined(__FreeBSD__)
++#include <sys/queue.h>
++#endif
++
+ #include <sys/select.h>
+ #include <sys/time.h>
+ #include <sys/socket.h>
diff --git a/security/libreswan/files/patch-programs_pluto_packet.c b/security/libreswan/files/patch-programs_pluto_packet.c
new file mode 100644
index 000000000000..534cee3f8d43
--- /dev/null
+++ b/security/libreswan/files/patch-programs_pluto_packet.c
@@ -0,0 +1,10 @@
+--- programs/pluto/packet.c.orig 2021-05-21 23:54:59 UTC
++++ programs/pluto/packet.c
+@@ -22,6 +22,7 @@
+ #include <stddef.h>
+ #include <netinet/in.h>
+ #include <string.h>
++#include <sys/socket.h>
+
+ #include "constants.h"
+ #include "lswalloc.h"
diff --git a/security/libreswan/pkg-descr b/security/libreswan/pkg-descr
new file mode 100644
index 000000000000..ffe34de2d250
--- /dev/null
+++ b/security/libreswan/pkg-descr
@@ -0,0 +1,6 @@
+Libreswan is a free software implementation of the most widely supported and
+standardized VPN protocol using "IPsec" and the Internet Key Exchange ("IKE").
+These standards are produced and maintained by the Internet Engineering Task
+Force ("IETF").
+
+WWW: https://libreswan.org/
diff --git a/security/libreswan/pkg-plist b/security/libreswan/pkg-plist
new file mode 100644
index 000000000000..3ecc6e1c6f11
--- /dev/null
+++ b/security/libreswan/pkg-plist
@@ -0,0 +1,45 @@
+/etc/pam.d/pluto
+etc/ipsec.conf
+etc/ipsec.d/policies/block
+etc/ipsec.d/policies/clear
+etc/ipsec.d/policies/clear-or-private
+etc/ipsec.d/policies/portexcludes.conf
+etc/ipsec.d/policies/private
+etc/ipsec.d/policies/private-or-clear
+etc/ipsec.secrets
+etc/logrotate.d/libreswan
+libexec/ipsec/_import_crl
+libexec/ipsec/_plutorun
+libexec/ipsec/_realsetup
+libexec/ipsec/_secretcensor
+libexec/ipsec/_stackmanager
+libexec/ipsec/_unbound-hook
+libexec/ipsec/_updown
+libexec/ipsec/_updown.bsdkame
+libexec/ipsec/addconn
+libexec/ipsec/algparse
+libexec/ipsec/auto
+libexec/ipsec/barf
+libexec/ipsec/cavp
+libexec/ipsec/dncheck
+libexec/ipsec/ecdsasigkey
+libexec/ipsec/enumcheck
+libexec/ipsec/hunkcheck
+libexec/ipsec/ipcheck
+libexec/ipsec/jambufcheck
+libexec/ipsec/keyidcheck
+libexec/ipsec/letsencrypt
+libexec/ipsec/look
+libexec/ipsec/newhostkey
+libexec/ipsec/pluto
+libexec/ipsec/readwriteconf
+libexec/ipsec/rsasigkey
+libexec/ipsec/setup
+libexec/ipsec/show
+libexec/ipsec/showhostkey
+libexec/ipsec/timecheck
+libexec/ipsec/verify
+libexec/ipsec/whack
+sbin/ipsec
+%%PORTDOCS%%%%DOCSDIR%%/ipsec.conf-sample
+%%PORTDOCS%%%%DOCSDIR%%/ipsec.secrets-sample
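Review bot: `etc/ipsec.secrets` and `etc/ipsec.conf` are listed as ordinary package files, so a package upgrade overwrites them and a deinstall removes the administrator's live keys and connection definitions. The usual plist handling is to stage them under a `.sample` name and list them as `@sample etc/ipsec.secrets.sample` and `@sample etc/ipsec.conf.sample`, which installs the live copy only when none exists and leaves a modified one in place. The mode of the staged `ipsec.secrets` is not visible in this commit; it should be confirmed that the file is not world-readable, since it holds PSKs and private-key references. The first entry, `/etc/pam.d/pluto`, is an absolute path outside `PREFIX` and writes into the base system's PAM directory; `etc/pam.d/pluto` under `PREFIX` would keep the package from modifying base-system authentication configuration.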