ports/173860: [maintainer update] security/strongswan 4.5.3 -> 5.0.1
Riaan Kruger
riaank at gmail.com
Fri Nov 23 12:50:01 UTC 2012
>Number: 173860
>Category: ports
>Synopsis: [maintainer update] security/strongswan 4.5.3 -> 5.0.1
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Nov 23 12:50:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Riaan Kruger
>Release: 8.3
>Organization:
Nanoteq
>Environment:
>Description:
Update security/strongswan from 4.5.3 to 5.0.1
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
diff -ruN strongswan/Makefile port/Makefile
--- strongswan/Makefile 2012-11-23 13:36:42.000000000 +0200
+++ port/Makefile 2012-11-23 14:26:36.000000000 +0200
@@ -2,42 +2,47 @@
# Date created: 30 May 2010
# Whom: <riaank at gmail.com>
#
-# $FreeBSD: head/security/strongswan/Makefile 300897 2012-07-14 14:29:18Z beat $
+# $FreeBSD: ports/security/strongswan/Makefile,v 1.3 2011/04/29 12:24:55 culot Exp $
-PORTNAME= strongswan
-PORTVERSION= 4.5.3
+PORTNAME= strongswan
+PORTVERSION= 5.0.1
CATEGORIES= security
MASTER_SITES= http://download.strongswan.org/ \
http://download2.strongswan.org/
-MAINTAINER= riaank at gmail.com
+MAINTAINER= strongswan at nanoteq.com
COMMENT= Open Source IKEv2 IPsec-based VPN solution
-OPTIONS= SQLITE "Enable SQLite" off \
- MYSQL "Enable MySQL" off \
- CURL "Enable CURL to fetch CRL/OCSP" off \
- EAPAKA3GPP2 "Enable EAP AKA with 3gpp2 backend" off \
- EAPSIMFILE "Enable EAP SIM with filebased backend" off
+OPTIONS= IKEv1 "Enable IKEv1 support (Experimental)" off \
+ LDAP "Enable LDAP" off \
+ SQLITE "Enable SQLite" off \
+ MYSQL "Enable MySQL" off \
+ CURL "Enable CURL to fetch CRL/OCSP" off \
+ EAPAKA3GPP2 "Enable EAP AKA with 3gpp2 backend" off \
+ EAPSIMFILE "Enable EAP SIM with file backend" off
-USE_RC_SUBR= strongswan
+USE_RC_SUBR= strongswan.sh
USE_BZIP2= yes
USE_AUTOTOOLS= libtool
GNU_CONFIGURE= yes
USE_OPENSSL= yes
USE_LDCONFIG= yes
+LIB_DEPENDS+= execinfo:${PORTSDIR}/devel/libexecinfo
+
CONFIGURE_ARGS= --enable-kernel-pfkey \
--enable-kernel-pfroute \
--disable-kernel-netlink \
--disable-tools \
--disable-scripts \
- --disable-pluto \
--disable-gmp \
--enable-openssl \
--enable-eap-identity \
--enable-eap-md5 \
--enable-eap-tls \
--enable-eap-mschapv2 \
+ --enable-eap-peap \
+ --enable-eap-ttls \
--enable-md4 \
--enable-blowfish \
--enable-addrblock \
@@ -46,11 +51,8 @@
--with-lib-prefix=${PREFIX}
# Man pages with default install
-MAN3= anyaddr.3 atoaddr.3 atoasr.3 atoul.3 goodmask.3 initaddr.3 \
- initsubnet.3 portof.3 rangetosubnet.3 sameaddr.3 subnetof.3 \
- ttoaddr.3 ttodata.3 ttosa.3 ttoul.3
-MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
-MAN8= ipsec.8 _updown.8 _updown_espmark.8
+MAN5= ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
+MAN8= ipsec.8
.include <bsd.port.pre.mk>
@@ -60,6 +62,21 @@
.endif
# Extra options
+.if defined(WITH_IKEv1)
+PLIST_SUB+= IKEv1=""
+.else
+CONFIGURE_ARGS+= --disable-ikev1
+PLIST_SUB+= IKEv1="@comment "
+.endif
+
+.if defined(WITH_LDAP)
+USE_OPENLDAP= yes
+CONFIGURE_ARGS+= --enable-ldap
+PLIST_SUB+= LDAP=""
+.else
+PLIST_SUB+= LDAP="@comment "
+.endif
+
.if defined(WITH_SQLITE) || defined (WITH_MYSQL)
CONFIGURE_ARGS+= --enable-attr-sql
CONFIGURE_ARGS+= --enable-sql
@@ -70,7 +87,7 @@
.if defined(WITH_SQLITE)
CONFIGURE_ARGS+= --enable-sqlite
-LIB_DEPENDS += sqlite3.8:${PORTSDIR}/databases/sqlite3
+LIB_DEPENDS+= sqlite3:${PORTSDIR}/databases/sqlite3
PLIST_SUB+= SQLITE=""
.else
PLIST_SUB+= SQLITE="@comment "
@@ -86,7 +103,7 @@
.if defined(WITH_CURL)
CONFIGURE_ARGS+= --enable-curl
-LIB_DEPENDS+= curl.6:${PORTSDIR}/ftp/curl
+LIB_DEPENDS+= curl:${PORTSDIR}/ftp/curl
PLIST_SUB+= CURL=""
.else
PLIST_SUB+= CURL="@comment "
@@ -103,11 +120,16 @@
.if defined(WITH_EAPAKA3GPP2)
CONFIGURE_ARGS+= --enable-eap-aka
CONFIGURE_ARGS+= --enable-eap-aka-3gpp2
-CONFIGURE_ARGS+= --enable-gmp
-LIB_DEPENDS+= gmp.10:${PORTSDIR}/math/gmp
+LIB_DEPENDS+= gmp:${PORTSDIR}/math/gmp
PLIST_SUB+= EAPAKA3GPP2=""
.else
PLIST_SUB+= EAPAKA3GPP2="@comment "
.endif
+.if defined(WITH_EAPSIMFILE) || defined(WITH_EAPAKA3GPP2)
+PLIST_SUB+=SIMAKA=""
+.else
+PLIST_SUB+=SIMAKA="@comment "
+.endif
+
.include <bsd.port.post.mk>
diff -ruN strongswan/distinfo port/distinfo
--- strongswan/distinfo 2012-11-23 13:36:42.000000000 +0200
+++ port/distinfo 2012-11-23 14:26:36.000000000 +0200
@@ -1,2 +1,2 @@
-SHA256 (strongswan-4.5.3.tar.bz2) = a59fa0d9820fb06a3c848f4537b9256d2067265ad10e1b007b79f3b16279f1ff
-SIZE (strongswan-4.5.3.tar.bz2) = 3299522
+SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
+SIZE (strongswan-5.0.1.tar.bz2) = 3146776
diff -ruN strongswan/files/patch-src__ipsec__ipsec.in port/files/patch-src__ipsec__ipsec.in
--- strongswan/files/patch-src__ipsec__ipsec.in 2012-11-23 13:36:42.000000000 +0200
+++ port/files/patch-src__ipsec__ipsec.in 1970-01-01 02:00:00.000000000 +0200
@@ -1,20 +0,0 @@
-diff -ur srcold/ipsec/ipsec.in src/ipsec/ipsec.in
---- srcold/ipsec/ipsec.in 2011-09-22 08:39:26.589952124 +0200
-+++ src/ipsec/ipsec.in 2011-09-22 08:39:44.640945476 +0200
-@@ -19,6 +19,7 @@
- export PATH
-
- # name and version of the ipsec implementation
-+OS_NAME=`uname -s`
- IPSEC_NAME="@IPSEC_NAME@"
- IPSEC_VERSION="U at IPSEC_VERSION@/K`uname -r`"
-
-@@ -378,7 +379,7 @@
- fi
- ;;
- version|--version)
-- printf "Linux $IPSEC_NAME $IPSEC_VERSION\n"
-+ printf "$OS_NAME $IPSEC_NAME $IPSEC_VERSION\n"
- printf "$IPSEC_DISTRO\n"
- printf "See 'ipsec --copyright' for copyright information.\n"
- exit 0
diff -ruN strongswan/files/strongswan.in port/files/strongswan.in
--- strongswan/files/strongswan.in 2012-11-23 13:36:42.000000000 +0200
+++ port/files/strongswan.in 1970-01-01 02:00:00.000000000 +0200
@@ -1,37 +0,0 @@
-#!/bin/sh
-
-# $FreeBSD: head/security/strongswan/files/strongswan.in 300897 2012-07-14 14:29:18Z beat $
-
-# PROVIDE: strongswan
-# REQUIRE: LOGIN
-# KEYWORD: shutdown
-
-# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
-# to enable this service:
-#
-# strongswan_enable (bool): Set to NO by default.
-# Set it to YES to enable strongswan.
-
-. /etc/rc.subr
-
-name="strongswan"
-rcvar=strongswan_enable
-
-command="%%PREFIX%%/sbin/ipsec"
-extra_commands="reload statusall"
-
-load_rc_config $name
-
-start_cmd="strongswan_command start"
-stop_cmd="strongswan_command stop"
-restart_cmd="strongswan_command restart"
-status_cmd="strongswan_command status"
-reload_cmd="strongswan_command reload"
-statusall_cmd="strongswan_command statusall"
-
-strongswan_command()
-{
- $command ${rc_arg}
-}
-
-run_rc_command "$1"
diff -ruN strongswan/files/strongswan.sh.in port/files/strongswan.sh.in
--- strongswan/files/strongswan.sh.in 1970-01-01 02:00:00.000000000 +0200
+++ port/files/strongswan.sh.in 2012-11-23 14:26:36.000000000 +0200
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Start or stop strongswan
+# $FreeBSD: $
+
+# PROVIDE: strongswan
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+command="%%PREFIX%%/sbin/ipsec"
+. /etc/rc.subr
+
+name="strongswan"
+rcvar=`set_rcvar`
+extra_commands="reload statusall"
+
+load_rc_config $name
+
+start_cmd="strongswan_command start"
+stop_cmd="strongswan_command stop"
+restart_cmd="strongswan_command restart"
+status_cmd="strongswan_command status"
+reload_cmd="strongswan_command reload"
+statusall_cmd="strongswan_command statusall"
+
+
+strongswan_command()
+{
+ $command ${rc_arg}
+}
+
+run_rc_command "$1"
+
diff -ruN strongswan/pkg-plist port/pkg-plist
--- strongswan/pkg-plist 2012-11-23 13:36:42.000000000 +0200
+++ port/pkg-plist 2012-11-23 14:46:51.000000000 +0200
@@ -12,6 +12,10 @@
lib/ipsec/libstrongswan.la
lib/ipsec/libstrongswan.so
lib/ipsec/libstrongswan.so.0
+lib/ipsec/libtls.a
+lib/ipsec/libtls.la
+lib/ipsec/libtls.so
+lib/ipsec/libtls.so.0
lib/ipsec/plugins/libstrongswan-addrblock.a
lib/ipsec/plugins/libstrongswan-addrblock.la
lib/ipsec/plugins/libstrongswan-addrblock.so
@@ -24,6 +28,9 @@
lib/ipsec/plugins/libstrongswan-blowfish.a
lib/ipsec/plugins/libstrongswan-blowfish.la
lib/ipsec/plugins/libstrongswan-blowfish.so
+lib/ipsec/plugins/libstrongswan-cmac.a
+lib/ipsec/plugins/libstrongswan-cmac.la
+lib/ipsec/plugins/libstrongswan-cmac.so
lib/ipsec/plugins/libstrongswan-constraints.a
lib/ipsec/plugins/libstrongswan-constraints.la
lib/ipsec/plugins/libstrongswan-constraints.so
@@ -42,9 +49,15 @@
lib/ipsec/plugins/libstrongswan-eap-mschapv2.a
lib/ipsec/plugins/libstrongswan-eap-mschapv2.la
lib/ipsec/plugins/libstrongswan-eap-mschapv2.so
+lib/ipsec/plugins/libstrongswan-eap-peap.a
+lib/ipsec/plugins/libstrongswan-eap-peap.la
+lib/ipsec/plugins/libstrongswan-eap-peap.so
lib/ipsec/plugins/libstrongswan-eap-tls.a
lib/ipsec/plugins/libstrongswan-eap-tls.la
lib/ipsec/plugins/libstrongswan-eap-tls.so
+lib/ipsec/plugins/libstrongswan-eap-ttls.a
+lib/ipsec/plugins/libstrongswan-eap-ttls.la
+lib/ipsec/plugins/libstrongswan-eap-ttls.so
lib/ipsec/plugins/libstrongswan-fips-prf.a
lib/ipsec/plugins/libstrongswan-fips-prf.la
lib/ipsec/plugins/libstrongswan-fips-prf.so
@@ -63,6 +76,9 @@
lib/ipsec/plugins/libstrongswan-md5.a
lib/ipsec/plugins/libstrongswan-md5.la
lib/ipsec/plugins/libstrongswan-md5.so
+lib/ipsec/plugins/libstrongswan-nonce.a
+lib/ipsec/plugins/libstrongswan-nonce.la
+lib/ipsec/plugins/libstrongswan-nonce.so
lib/ipsec/plugins/libstrongswan-openssl.a
lib/ipsec/plugins/libstrongswan-openssl.la
lib/ipsec/plugins/libstrongswan-openssl.so
@@ -75,6 +91,9 @@
lib/ipsec/plugins/libstrongswan-pkcs1.a
lib/ipsec/plugins/libstrongswan-pkcs1.la
lib/ipsec/plugins/libstrongswan-pkcs1.so
+lib/ipsec/plugins/libstrongswan-pkcs8.a
+lib/ipsec/plugins/libstrongswan-pkcs8.la
+lib/ipsec/plugins/libstrongswan-pkcs8.so
lib/ipsec/plugins/libstrongswan-pubkey.a
lib/ipsec/plugins/libstrongswan-pubkey.la
lib/ipsec/plugins/libstrongswan-pubkey.so
@@ -119,6 +138,10 @@
libexec/ipsec/stroke
libexec/ipsec/whitelist
sbin/ipsec
+%%SIMAKA%%lib/ipsec/libsimaka.a
+%%SIMAKA%%lib/ipsec/libsimaka.la
+%%SIMAKA%%lib/ipsec/libsimaka.so
+%%SIMAKA%%lib/ipsec/libsimaka.so.0
%%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.a
%%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.la
%%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-eap-aka.so
@@ -137,6 +160,12 @@
%%CURL%%lib/ipsec/plugins/libstrongswan-curl.a
%%CURL%%lib/ipsec/plugins/libstrongswan-curl.la
%%CURL%%lib/ipsec/plugins/libstrongswan-curl.so
+%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a
+%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la
+%%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so
+%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a
+%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la
+%%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so
%%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.a
%%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.la
%%MYSQL%%lib/ipsec/plugins/libstrongswan-mysql.so
@@ -162,6 +191,7 @@
@dirrm etc/ipsec.d/acerts
@dirrm etc/ipsec.d/aacerts
@dirrm etc/ipsec.d
+ at exec mkdir -p %D/etc/ipsec.d
@exec mkdir -p %D/etc/ipsec.d/reqs
@exec mkdir -p %D/etc/ipsec.d/private
@exec mkdir -p %D/etc/ipsec.d/ocspcerts
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list