Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/libreswan: New port: IPsec and IKE based firewall
- Loading branch information
Showing
17 changed files
with
230 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
PORTNAME= libreswan | ||
DISTVERSION= 4.4 | ||
CATEGORIES= security | ||
MASTER_SITES= https://download.libreswan.org/ | ||
|
||
PATCH_SITES= https://github.com/${PORTNAME}/${PORTNAME}/commit/ | ||
PATCHFILES= e43bc147e1342df55f51df06ef886749111d2cff.patch:-p1 # fix for https://github.com/libreswan/libreswan/issues/448 | ||
PATCHFILES+= 607237df81c9896743f9b2cb91faab01e4d1c3fc.patch:-p1 # BSD patches: https://github.com/libreswan/libreswan/commit/607237df81c9896743f9b2cb91faab01e4d1c3fc | ||
|
||
MAINTAINER= yuri@FreeBSD.org | ||
COMMENT= IPsec and IKE based firewall | ||
|
||
LICENSE= GPLv2 | ||
LICENSE_FILE= ${WRKSRC}/COPYING | ||
|
||
LIB_DEPENDS= libcurl.so:ftp/curl \ | ||
libevent.so:devel/libevent \ | ||
libldns.so:dns/ldns \ | ||
libnspr4.so:devel/nspr \ | ||
libnss3.so:security/nss \ | ||
libunbound.so:dns/unbound | ||
|
||
USES= bison gmake pkgconfig python | ||
|
||
CFLAGS+= -I${WRKSRC}/include/unbound | ||
LDFLAGS+= -lcrypt | ||
|
||
MAKE_ARGS= PKG_BASE=${LOCALBASE} \ | ||
NSS_CFLAGS="`pkg-config --cflags nss`" NSPR_LDFLAGS="`pkg-config --libs nss`" \ | ||
USE_PTHREAD_SETSCHEDPRIO=false \ | ||
WERROR_CFLAGS="" \ | ||
PYTHON_BINARY=${PYTHON_CMD} | ||
|
||
OPTIONS_DEFINE= DOCS | ||
|
||
post-configure: | ||
@cd ${WRKSRC}/mk/defaults && \ | ||
${RLN} netbsd.mk freebsd.mk | ||
|
||
post-install: | ||
.for f in _import_crl addconn algparse cavp dncheck ecdsasigkey enumcheck hunkcheck ipcheck jambufcheck keyidcheck pluto readwriteconf rsasigkey showhostkey timecheck whack | ||
@${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/ipsec/${f} | ||
.endfor | ||
|
||
.include <bsd.port.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
TIMESTAMP = 1621641154 | ||
SHA256 (libreswan-4.4.tar.gz) = 5f3f0a20d7097f20108bc93ba1255a778d8ffb8692d05f86383978c03c394976 | ||
SIZE (libreswan-4.4.tar.gz) = 3503201 | ||
SHA256 (e43bc147e1342df55f51df06ef886749111d2cff.patch) = d3f168c32501ee2de41b51a747921765c3d2bef555656c098041696f29e14806 | ||
SIZE (e43bc147e1342df55f51df06ef886749111d2cff.patch) = 1279 | ||
SHA256 (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 8a5c42b5b0c405a67fc4b178da10a9734e34fc44cb6f6c02ce63d8dd45e11253 | ||
SIZE (607237df81c9896743f9b2cb91faab01e4d1c3fc.patch) = 14059 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- include/fd.h.orig 2021-05-21 21:31:28 UTC | ||
+++ include/fd.h | ||
@@ -26,6 +26,7 @@ | ||
|
||
#include <stdbool.h> | ||
#include <stdlib.h> /* for ssize_t */ | ||
+#include <sys/types.h> | ||
|
||
#include "where.h" | ||
|
10 changes: 10 additions & 0 deletions
10
security/libreswan/files/patch-lib_libipsecconf_confread.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libipsecconf/confread.c.orig 2021-05-21 21:27:40 UTC | ||
+++ lib/libipsecconf/confread.c | ||
@@ -33,6 +33,7 @@ | ||
#include <stdio.h> | ||
#include <string.h> | ||
#include <assert.h> | ||
+#include <sys/socket.h> | ||
|
||
#include "lswalloc.h" | ||
#include "ip_address.h" |
10 changes: 10 additions & 0 deletions
10
security/libreswan/files/patch-lib_libipsecconf_keywords.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libipsecconf/keywords.c.orig 2021-05-21 21:28:14 UTC | ||
+++ lib/libipsecconf/keywords.c | ||
@@ -28,6 +28,7 @@ | ||
#include <stdlib.h> | ||
#include <stdio.h> | ||
#include <limits.h> | ||
+#include <sys/socket.h> | ||
|
||
#include <libreswan.h> | ||
#include "constants.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libswan/addrtypeof.c.orig 2021-05-21 18:49:29 UTC | ||
+++ lib/libswan/addrtypeof.c | ||
@@ -14,6 +14,7 @@ | ||
*/ | ||
|
||
#include <string.h> | ||
+#include <sys/socket.h> | ||
|
||
#include "ip_address.h" | ||
#include "ip_info.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libswan/initaddr.c.orig 2021-04-22 15:24:33 UTC | ||
+++ lib/libswan/initaddr.c | ||
@@ -16,6 +16,7 @@ | ||
*/ | ||
|
||
#include <string.h> | ||
+#include <sys/socket.h> | ||
|
||
#include "ip_info.h" | ||
#include "ip_address.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- lib/libswan/ip_address.c.orig 2021-05-21 18:51:10 UTC | ||
+++ lib/libswan/ip_address.c | ||
@@ -16,6 +16,8 @@ | ||
* License for more details. | ||
*/ | ||
|
||
+#include <sys/socket.h> | ||
+ | ||
#include "jambuf.h" | ||
#include "ip_address.h" | ||
#include "lswlog.h" /* for dbg() */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libswan/ip_encap.c.orig 2021-05-21 18:52:58 UTC | ||
+++ lib/libswan/ip_encap.c | ||
@@ -19,6 +19,7 @@ | ||
#ifdef linux | ||
# include <linux/udp.h> /* for TCP_ENCAP_ESPINTCP and UDP_ENCAP_ESPINUDP */ | ||
#else | ||
+# include <sys/types.h> | ||
# include <netinet/udp.h> /* for UDP_ENCAP_ESPINUDP aka NAT */ | ||
#endif | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- lib/libswan/ip_endpoint.c.orig 2021-05-21 18:53:45 UTC | ||
+++ lib/libswan/ip_endpoint.c | ||
@@ -14,6 +14,8 @@ | ||
* | ||
*/ | ||
|
||
+#include <sys/socket.h> | ||
+ | ||
#include "jambuf.h" | ||
#include "ip_endpoint.h" | ||
#include "constants.h" /* for memeq() */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
--- lib/libswan/ip_info.c.orig 2021-05-21 18:51:44 UTC | ||
+++ lib/libswan/ip_info.c | ||
@@ -17,6 +17,8 @@ | ||
* for more details. | ||
*/ | ||
|
||
+#include <sys/socket.h> | ||
+ | ||
#include "ietf_constants.h" | ||
#include "ip_info.h" | ||
#include "passert.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- lib/libswan/ttoaddress.c.orig 2021-05-21 18:49:01 UTC | ||
+++ lib/libswan/ttoaddress.c | ||
@@ -18,6 +18,7 @@ | ||
|
||
#include <string.h> | ||
#include <netdb.h> /* for gethostbyname2() */ | ||
+#include <sys/socket.h> | ||
|
||
#include "ip_address.h" | ||
#include "ip_info.h" |
13 changes: 13 additions & 0 deletions
13
security/libreswan/files/patch-programs_pluto_kernel__bsdkame.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
--- programs/pluto/kernel_bsdkame.c.orig 2021-05-21 21:30:08 UTC | ||
+++ programs/pluto/kernel_bsdkame.c | ||
@@ -24,6 +24,10 @@ | ||
#include <string.h> | ||
#include <unistd.h> | ||
|
||
+#if defined(__FreeBSD__) | ||
+#include <sys/queue.h> | ||
+#endif | ||
+ | ||
#include <sys/select.h> | ||
#include <sys/time.h> | ||
#include <sys/socket.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
--- programs/pluto/packet.c.orig 2021-05-21 23:54:59 UTC | ||
+++ programs/pluto/packet.c | ||
@@ -22,6 +22,7 @@ | ||
#include <stddef.h> | ||
#include <netinet/in.h> | ||
#include <string.h> | ||
+#include <sys/socket.h> | ||
|
||
#include "constants.h" | ||
#include "lswalloc.h" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Libreswan is a free software implementation of the most widely supported and | ||
standardized VPN protocol using "IPsec" and the Internet Key Exchange ("IKE"). | ||
These standards are produced and maintained by the Internet Engineering Task | ||
Force ("IETF"). | ||
|
||
WWW: https://libreswan.org/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
/etc/pam.d/pluto | ||
etc/ipsec.conf | ||
etc/ipsec.d/policies/block | ||
etc/ipsec.d/policies/clear | ||
etc/ipsec.d/policies/clear-or-private | ||
etc/ipsec.d/policies/portexcludes.conf | ||
etc/ipsec.d/policies/private | ||
etc/ipsec.d/policies/private-or-clear | ||
etc/ipsec.secrets | ||
etc/logrotate.d/libreswan | ||
libexec/ipsec/_import_crl | ||
libexec/ipsec/_plutorun | ||
libexec/ipsec/_realsetup | ||
libexec/ipsec/_secretcensor | ||
libexec/ipsec/_stackmanager | ||
libexec/ipsec/_unbound-hook | ||
libexec/ipsec/_updown | ||
libexec/ipsec/_updown.bsdkame | ||
libexec/ipsec/addconn | ||
libexec/ipsec/algparse | ||
libexec/ipsec/auto | ||
libexec/ipsec/barf | ||
libexec/ipsec/cavp | ||
libexec/ipsec/dncheck | ||
libexec/ipsec/ecdsasigkey | ||
libexec/ipsec/enumcheck | ||
libexec/ipsec/hunkcheck | ||
libexec/ipsec/ipcheck | ||
libexec/ipsec/jambufcheck | ||
libexec/ipsec/keyidcheck | ||
libexec/ipsec/letsencrypt | ||
libexec/ipsec/look | ||
libexec/ipsec/newhostkey | ||
libexec/ipsec/pluto | ||
libexec/ipsec/readwriteconf | ||
libexec/ipsec/rsasigkey | ||
libexec/ipsec/setup | ||
libexec/ipsec/show | ||
libexec/ipsec/showhostkey | ||
libexec/ipsec/timecheck | ||
libexec/ipsec/verify | ||
libexec/ipsec/whack | ||
sbin/ipsec | ||
%%PORTDOCS%%%%DOCSDIR%%/ipsec.conf-sample | ||
%%PORTDOCS%%%%DOCSDIR%%/ipsec.secrets-sample |