-rw-r--r--doc/CHANGES3
-rw-r--r--security/isakmpd/Makefile20
-rw-r--r--security/isakmpd/distinfo17
-rw-r--r--security/isakmpd/patches/patch-aa16
-rw-r--r--security/isakmpd/patches/patch-ae29
-rw-r--r--security/isakmpd/patches/patch-ah24
-rw-r--r--security/isakmpd/patches/patch-ai92
-rw-r--r--security/isakmpd/patches/patch-aj19
-rw-r--r--security/isakmpd/patches/patch-ak13
-rw-r--r--security/isakmpd/patches/patch-al20
-rw-r--r--security/isakmpd/patches/patch-am22
11 files changed, 122 insertions, 153 deletions
diff --git a/doc/CHANGES b/doc/CHANGES
index d353c2f63ef..a1afbd51335 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.3673 2003/10/10 09:21:10 cube Exp $
+$NetBSD: CHANGES,v 1.3674 2003/10/10 12:59:33 agc Exp $
Changes to the packages collection and infrastructure in 2003:
@@ -4137,3 +4137,4 @@ Changes to the packages collection and infrastructure in 2003:
Updated libnids to 1.17 [cube 2003-10-10]
Updated dsniff to 2.3nb1 [cube 2003-10-10]
Updated pakemon to 0.3.1nb1 [cube 2003-10-10]
+ Updated isakmpd to 20030903 [agc 2003-10-10]
diff --git a/security/isakmpd/Makefile b/security/isakmpd/Makefile
index 7bca2e2a63b..ee00493cfd8 100644
--- a/security/isakmpd/Makefile
+++ b/security/isakmpd/Makefile
@@ -1,9 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2003/09/21 08:02:59 jmc Exp $
+# $NetBSD: Makefile,v 1.30 2003/10/10 12:56:18 agc Exp $
#
-DISTNAME= isakmpd-20021118
-PKGREVISION= 2
-WRKSRC= ${WRKDIR}/isakmpd
+DISTNAME= isakmpd-20030903
CATEGORIES= security net
MASTER_SITES= ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/LOCAL_PORTS/
@@ -15,6 +13,8 @@ COMMENT= OpenBSD IKE daemon
PKG_FAIL_REASON+= "${PKGNAME} requires ipsec-ready ${OPSYS}"
.endif
+WRKSRC= ${WRKDIR}/isakmpd
+
ALL_TARGET= depend all
USE_BUILDLINK2= YES
USE_PKGINSTALL= YES
@@ -29,22 +29,22 @@ RCD_SCRIPT_WRK.isakmpd= ${WRKDIR}/isakmpd.sh
pre-configure:
@${ECHO_MSG} "Fixing references to buildlink directories"
@for i in ${WRKSRC}/sysdep/netbsd/Makefile.sysdep; do \
- ${MV} $${i} $${i}.orig; \
+ ${MV} $${i} $${i}.unfixed; \
${SED} "s+@BUILDLINK_PREFIX.openssl@+${BUILDLINK_PREFIX.openssl}+g" \
- < $${i}.orig > $${i}; \
+ < $${i}.unfixed > $${i}; \
done
@${ECHO_MSG} "Fixing references to configuration directory"
@for i in conf.h policy.h ike_auth.h; do \
- ${MV} ${WRKSRC}/$${i} ${WRKSRC}/$${i}.orig; \
+ ${MV} ${WRKSRC}/$${i} ${WRKSRC}/$${i}.unfixed; \
${SED} "s+/etc/isakmpd+${PKG_SYSCONFDIR}+g" \
- < ${WRKSRC}/$${i}.orig > ${WRKSRC}/$${i}; \
+ < ${WRKSRC}/$${i}.unfixed > ${WRKSRC}/$${i}; \
done
@${ECHO_MSG} "Fixing manual page references"
@for i in isakmpd.8 isakmpd.conf.5 isakmpd.policy.5; do \
- ${MV} ${WRKSRC}/$${i} ${WRKSRC}/$${i}.orig; \
+ ${MV} ${WRKSRC}/$${i} ${WRKSRC}/$${i}.unfixed; \
${SED} -e "s+/usr/share/ipsec+${PREFIX}/share/examples+g" \
-e "s+/etc/isakmpd+${PKG_SYSCONFDIR}+g" \
- < ${WRKSRC}/$${i}.orig > ${WRKSRC}/$${i}; \
+ < ${WRKSRC}/$${i}.unfixed > ${WRKSRC}/$${i}; \
done
.include "../../security/openssl/buildlink2.mk"
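Review bot: In all three pre-configure loops the `${MV}` and `${SED}` steps are joined with `;`, so a failed move or a failed sed still lets the loop run to completion and the target succeed, leaving a missing or empty file for a later build step to trip over. Chaining the two commands with `&&` and ending each loop body with `|| exit 1; \` would make the failure surface at the step that caused it. The rename from `.orig` to `.unfixed` presumably keeps these copies apart from the `.orig` files that patching leaves behind; a one-line comment such as `# .unfixed, not .orig, so the saved copies do not collide with patch backups` would record that, if it is indeed the reason.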
diff --git a/security/isakmpd/distinfo b/security/isakmpd/distinfo
index 28bc18a145e..7209206eb8f 100644
--- a/security/isakmpd/distinfo
+++ b/security/isakmpd/distinfo
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.13 2003/09/21 08:02:21 jmc Exp $
+$NetBSD: distinfo,v 1.14 2003/10/10 12:56:18 agc Exp $
-SHA1 (isakmpd-20021118.tar.gz) = 806ed2f922ccc31c9bf9d4eeec90bddc34995565
-Size (isakmpd-20021118.tar.gz) = 348169 bytes
-SHA1 (patch-aa) = 22903f2d4ba4f92f716920a121d861550bd8bc51
+SHA1 (isakmpd-20030903.tar.gz) = 3400947199759a69b878ea396a598d9df174c6e8
+Size (isakmpd-20030903.tar.gz) = 358314 bytes
+SHA1 (patch-aa) = 4b7b92b5f220fb263ebb972120cc577a1264ef6c
SHA1 (patch-ab) = f30c790f42d72866e95092848e102e4c3728365c
SHA1 (patch-ad) = 8c477b99fd3d82ccb52b01374450295cc25244c0
-SHA1 (patch-ae) = 5b7488fb50f2b3970c05e7dcfcf9979a05cb5719
-SHA1 (patch-af) = 5ef6311e2b065ee0ac61bdbd48f38d76291d68dc
+SHA1 (patch-ae) = b5242b6cdbda44160444a13894eac167677b769e
SHA1 (patch-ag) = f0af67b96e2f72333e79486495ce6abf1b31b9c1
-SHA1 (patch-ah) = 69f7b24995d243ac052c6b80f20945ff3346190f
-SHA1 (patch-ai) = 67b85a7c52582f07ff0bacb40054361835189081
+SHA1 (patch-aj) = 16e592ec1666b70ba6726e4a20878333ca50d7c2
+SHA1 (patch-ak) = e168240460695a86533237856f3997b5c06d7805
+SHA1 (patch-al) = eb6c16bf8d98219ab5d70dc5378a47772ec4dc23
+SHA1 (patch-am) = 6220da76dcf0d2a150f8803ce5728469a4e66c31
diff --git a/security/isakmpd/patches/patch-aa b/security/isakmpd/patches/patch-aa
index 3fc89651566..3881f77f85c 100644
--- a/security/isakmpd/patches/patch-aa
+++ b/security/isakmpd/patches/patch-aa
@@ -1,19 +1,19 @@
-$NetBSD: patch-aa,v 1.5 2001/10/22 05:51:25 martti Exp $
+$NetBSD: patch-aa,v 1.6 2003/10/10 12:56:18 agc Exp $
---- Makefile.orig Sun Aug 26 00:22:26 2001
-+++ Makefile Thu Oct 18 11:19:22 2001
-@@ -43,8 +43,8 @@
+--- Makefile.orig Thu Aug 28 16:43:35 2003
++++ Makefile Wed Sep 3 13:02:08 2003
+@@ -38,8 +38,8 @@
- # openbsd means OpenBSD 2.5 or newer. linux is the name for Linux with
+ # openbsd means OpenBSD 2.5 or newer. freeswan is the name for Linux with
# FreeS/WAN integrated, freebsd/netbsd means FreeBSD/NetBSD with KAME IPsec.
-OS= openbsd
-#OS= netbsd
+#OS= openbsd
+OS= netbsd
#OS= freebsd
- #OS= linux
+ #OS= freeswan
#OS= bsdi
-@@ -74,7 +74,7 @@
+@@ -71,7 +71,7 @@
isakmp_num.c isakmp_num.h ipsec_fld.c ipsec_fld.h \
isakmp_fld.c isakmp_fld.h
MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
@@ -21,4 +21,4 @@ $NetBSD: patch-aa,v 1.5 2001/10/22 05:51:25 martti Exp $
+CFLAGS+= -Wall -Wmissing-prototypes \
-DNEED_SYSDEP_APP \
-I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I.
-
+ #CFLAGS+= -Wsign-compare -Werror
diff --git a/security/isakmpd/patches/patch-ae b/security/isakmpd/patches/patch-ae
index 391e331a2bc..62bc0419d55 100644
--- a/security/isakmpd/patches/patch-ae
+++ b/security/isakmpd/patches/patch-ae
@@ -1,8 +1,15 @@
-$NetBSD: patch-ae,v 1.3 2002/10/25 10:00:59 wiz Exp $
+$NetBSD: patch-ae,v 1.4 2003/10/10 12:56:18 agc Exp $
---- sysdep/netbsd/Makefile.sysdep.orig Mon Aug 13 14:33:35 2001
-+++ sysdep/netbsd/Makefile.sysdep Sat Oct 20 15:46:49 2001
-@@ -36,26 +36,20 @@
+--- sysdep/netbsd/Makefile.sysdep.orig Tue Jun 3 16:53:11 2003
++++ sysdep/netbsd/Makefile.sysdep Wed Sep 3 13:34:57 2003
+@@ -29,32 +29,30 @@
+ FEATURES= tripledes des blowfish cast ec aggressive debug x509
+ FEATURES+= rawkey
+ # Not yet
+-#FEATURES+= policy isakmp_cfg
++#FEATURES+= policy isakmp_cfg
+
+ LIBGMP= /usr/pkg/lib/libgmp.a
LIBCRYPTO= /usr/lib/libcrypto.a
LIBSYSDEPDIR= ${.CURDIR}/sysdep/common/libsysdep
@@ -22,24 +29,26 @@ $NetBSD: patch-ae,v 1.3 2002/10/25 10:00:59 wiz Exp $
# mandatory for gmp
-CFLAGS+= -I/usr/pkg/include
-LDADD+= -L/usr/pkg/lib
-+CFLAGS+= -I@BUILDLINK_PREFIX.openssl@/include -I@BUILDLINK_PREFIX.openssl@/include/openssl
-+LDADD+= -L@BUILDLINK_PREFIX.openssl@/lib
++CFLAGS+= -I/usr/include -I/usr/include/openssl
++LDADD+= -L/usr/lib
IPSEC_SRCS= pf_key_v2.c
IPSEC_CFLAGS= -DUSE_PF_KEY_V2
USE_LIBCRYPTO= defined
--USE_GMP= defined
+ USE_GMP= defined
++.if ${FEATURES:Mpolicy} == "policy"
++USE_KEYNOTE= defined
++.endif
# This is a hack in order to make sure libsysdep is built before the
# linkstage of isakmpd. As a side effect the link is always done even if
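Review bot: The refreshed patch hard-codes the base-system OpenSSL (`-I/usr/include -I/usr/include/openssl` and `-L/usr/lib`) where the previous revision carried the `@BUILDLINK_PREFIX.openssl@` placeholder, and the following hunk likewise keeps `ln -sf /usr/include/openssl ssl`. As far as the visible hunks show, no placeholder is left in Makefile.sysdep, so the `${SED}` substitution in the package Makefile's pre-configure target has nothing to replace. The daemon would then build against whatever OpenSSL sits in /usr, even when buildlink2 selects a different one. For an IKE daemon that means an updated OpenSSL installed through pkgsrc would not be the one it links against. I would keep the placeholder lines, `CFLAGS+= -I@BUILDLINK_PREFIX.openssl@/include -I@BUILDLINK_PREFIX.openssl@/include/openssl` and `LDADD+= -L@BUILDLINK_PREFIX.openssl@/lib`, together with the matching `ln -sf` line.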
-@@ -73,8 +67,4 @@
+@@ -72,8 +70,4 @@
beforedepend:
rm -f ssl
-.if exists(/usr/pkg/include/openssl/rsa.h)
- ln -sf /usr/pkg/include/openssl ssl
-.elif exists(/usr/include/openssl/rsa.h)
-- ln -sf /usr/include/openssl ssl
+ ln -sf /usr/include/openssl ssl
-.endif
-+ ln -sf @BUILDLINK_PREFIX.openssl@/include/openssl ssl
diff --git a/security/isakmpd/patches/patch-ah b/security/isakmpd/patches/patch-ah
deleted file mode 100644
index cd5110043be..00000000000
--- a/security/isakmpd/patches/patch-ah
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD: patch-ah,v 1.1 2003/09/21 08:02:23 jmc Exp $
-
---- crypto.h.orig 2003-09-21 02:42:10.000000000 +0000
-+++ crypto.h 2003-09-21 02:44:47.000000000 +0000
-@@ -49,6 +49,7 @@
-
- #else
-
-+#include <openssl/opensslv.h>
- #include <des.h>
- #ifdef USE_BLOWFISH
- #include <blf.h>
-@@ -106,7 +107,11 @@
- u_int8_t iv2[MAXBLK];
- u_int8_t *riv, *liv;
- union {
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_key_schedule desks[3];
-+#else
- des_key_schedule desks[3];
-+#endif
- #ifdef USE_BLOWFISH
- blf_ctx blfks;
- #endif
diff --git a/security/isakmpd/patches/patch-ai b/security/isakmpd/patches/patch-ai
deleted file mode 100644
index 178923b2ac2..00000000000
--- a/security/isakmpd/patches/patch-ai
+++ /dev/null
@@ -1,92 +0,0 @@
-$NetBSD: patch-ai,v 1.1 2003/09/21 08:02:24 jmc Exp $
-
---- crypto.c.orig 2003-09-21 02:46:15.000000000 +0000
-+++ crypto.c 2003-09-21 02:54:49.000000000 +0000
-@@ -99,8 +99,13 @@
- des1_init (struct keystate *ks, u_int8_t *key, u_int16_t len)
- {
- /* des_set_key returns -1 for parity problems, and -2 for weak keys */
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_set_odd_parity (DC key);
-+ switch (DES_set_key (DC key, &ks->ks_des[0]))
-+#else
- des_set_odd_parity (DC key);
- switch (des_set_key (DC key, ks->ks_des[0]))
-+#endif
- {
- case -2:
- return EWEAKKEY;
-@@ -112,19 +117,37 @@
- void
- des1_encrypt (struct keystate *ks, u_int8_t *d, u_int16_t len)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_cbc_encrypt (DC d, DC d, len, &ks->ks_des[0], DC ks->riv, DES_ENCRYPT);
-+#else
- des_cbc_encrypt (DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_ENCRYPT);
-+#endif
- }
-
- void
- des1_decrypt (struct keystate *ks, u_int8_t *d, u_int16_t len)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_cbc_encrypt (DC d, DC d, len, &ks->ks_des[0], DC ks->riv, DES_DECRYPT);
-+#else
- des_cbc_encrypt (DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_DECRYPT);
-+#endif
- }
-
- #ifdef USE_TRIPLEDES
- enum cryptoerr
- des3_init (struct keystate *ks, u_int8_t *key, u_int16_t len)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_set_odd_parity (DC key);
-+ DES_set_odd_parity (DC (key + 8));
-+ DES_set_odd_parity (DC (key + 16));
-+
-+ /* As of the draft Tripe-DES does not check for weak keys */
-+ DES_set_key (DC key, &ks->ks_des[0]);
-+ DES_set_key (DC (key + 8), &ks->ks_des[1]);
-+ DES_set_key (DC (key + 16), &ks->ks_des[2]);
-+#else
- des_set_odd_parity (DC key);
- des_set_odd_parity (DC (key + 8));
- des_set_odd_parity (DC (key + 16));
-@@ -133,6 +156,7 @@
- des_set_key (DC key, ks->ks_des[0]);
- des_set_key (DC (key + 8), ks->ks_des[1]);
- des_set_key (DC (key + 16), ks->ks_des[2]);
-+#endif
-
- return EOKAY;
- }
-@@ -143,8 +167,13 @@
- u_int8_t iv[MAXBLK];
-
- memcpy (iv, ks->riv, ks->xf->blocksize);
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_ede3_cbc_encrypt (DC data, DC data, len, &ks->ks_des[0], &ks->ks_des[1],
-+ &ks->ks_des[2], DC iv, DES_ENCRYPT);
-+#else
- des_ede3_cbc_encrypt (DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
- ks->ks_des[2], DC iv, DES_ENCRYPT);
-+#endif
- }
-
- void
-@@ -153,8 +182,13 @@
- u_int8_t iv[MAXBLK];
-
- memcpy (iv, ks->riv, ks->xf->blocksize);
-+#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
-+ DES_ede3_cbc_encrypt (DC data, DC data, len, &ks->ks_des[0], &ks->ks_des[1],
-+ &ks->ks_des[2], DC iv, DES_DECRYPT);
-+#else
- des_ede3_cbc_encrypt (DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
- ks->ks_des[2], DC iv, DES_DECRYPT);
-+#endif
- }
- #undef DC
- #endif /* USE_TRIPLEDES */
diff --git a/security/isakmpd/patches/patch-aj b/security/isakmpd/patches/patch-aj
new file mode 100644
index 00000000000..f14bfa7d39c
--- /dev/null
+++ b/security/isakmpd/patches/patch-aj
@@ -0,0 +1,19 @@
+$NetBSD: patch-aj,v 1.1 2003/10/10 12:56:18 agc Exp $
+
+--- message.c 2003/10/05 02:10:45 1.1
++++ message.c 2003/10/05 02:11:57
+@@ -1188,8 +1188,14 @@
+ * Now we can validate DOI-specific exchange types. If we have no SA
+ * DOI-specific exchange types are definitely wrong.
+ */
++#if 0
+ if (exch_type >= ISAKMP_EXCH_DOI_MIN && exch_type <= ISAKMP_EXCH_DOI_MAX
+ && msg->exchange->doi->validate_exchange (exch_type))
++#else
++ /* gcc 3.3.1 barfs on u_int8_t <= 255 */
++ if (exch_type >= ISAKMP_EXCH_DOI_MIN
++ && msg->exchange->doi->validate_exchange (exch_type))
++#endif
+ {
+ log_print ("message_recv: invalid DOI exchange type %d", exch_type);
+ message_drop (msg, ISAKMP_NOTIFY_INVALID_EXCHANGE_TYPE, 0, 1, 1);
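Review bot: Dropping `exch_type <= ISAKMP_EXCH_DOI_MAX` is only equivalent while `exch_type` stays a `u_int8_t` and the maximum stays 255, which the added comment implies but nothing in the code enforces. Judging by the log string this is message_recv's validation of an exchange type taken from a received message, so the bound is worth keeping visible. Writing the test in a form the compiler accepts, for example `&& (unsigned int) exch_type <= ISAKMP_EXCH_DOI_MAX` (not verified against gcc 3.3.1), would avoid the `#if 0` block and keep the check alive if either the type or the constant changes. Failing that, the comment should state the assumption outright: `/* exch_type is u_int8_t and ISAKMP_EXCH_DOI_MAX is 255, so the upper bound is always true */`. The same applies to the `exchange->type` test in patch-al (exchange.c); the enclosing function here starts and ends outside the hunk.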
diff --git a/security/isakmpd/patches/patch-ak b/security/isakmpd/patches/patch-ak
new file mode 100644
index 00000000000..60a3e8ba7b0
--- /dev/null
+++ b/security/isakmpd/patches/patch-ak
@@ -0,0 +1,13 @@
+$NetBSD: patch-ak,v 1.1 2003/10/10 12:56:18 agc Exp $
+
+--- pf_key_v2.c 2003/10/05 02:13:46 1.1
++++ pf_key_v2.c 2003/10/05 02:14:11
+@@ -747,7 +747,7 @@
+ spirange.sadb_spirange_max = 0xffffffff;
+ }
+ spirange.sadb_spirange_reserved = 0;
+- if (pf_key_v2_msg_add (getspi, (struct sadb_ext *)&spirange, 0) == -1)
++ if (pf_key_v2_msg_add (getspi, (struct sadb_ext *)(void *)&spirange, 0) == -1)
+ goto cleanup;
+
+ ret = pf_key_v2_call (getspi);
diff --git a/security/isakmpd/patches/patch-al b/security/isakmpd/patches/patch-al
new file mode 100644
index 00000000000..43c0a25f4e3
--- /dev/null
+++ b/security/isakmpd/patches/patch-al
@@ -0,0 +1,20 @@
+$NetBSD: patch-al,v 1.1 2003/10/10 12:56:18 agc Exp $
+
+--- exchange.c 2003/10/04 21:43:09 1.1
++++ exchange.c 2003/10/04 21:48:20
+@@ -193,9 +193,15 @@
+ return script_transaction;
+ #endif
+ default:
++#if 0
+ if (exchange->type >= ISAKMP_EXCH_DOI_MIN
+ && exchange->type <= ISAKMP_EXCH_DOI_MAX)
+ return exchange->doi->exchange_script (exchange->type);
++#else
++ /* gcc 3.3.1 barfs on the u_int8_t <= 255 line above */
++ if (exchange->type >= ISAKMP_EXCH_DOI_MIN)
++ return exchange->doi->exchange_script (exchange->type);
++#endif
+ }
+ return 0;
+ }
diff --git a/security/isakmpd/patches/patch-am b/security/isakmpd/patches/patch-am
new file mode 100644
index 00000000000..821e5dd7c0a
--- /dev/null
+++ b/security/isakmpd/patches/patch-am
@@ -0,0 +1,22 @@
+$NetBSD: patch-am,v 1.1 2003/10/10 12:56:18 agc Exp $
+
+--- ike_auth.c 2003/10/04 22:30:32 1.1
++++ ike_auth.c 2003/10/04 22:35:39
+@@ -349,7 +349,7 @@
+ {
+ case IPSEC_ID_IPV4_ADDR:
+ case IPSEC_ID_IPV6_ADDR:
+- util_ntoa ((char **)&buf,
++ util_ntoa ((char **)(void *)&buf,
+ exchange->id_i[0] == IPSEC_ID_IPV4_ADDR
+ ? AF_INET : AF_INET6,
+ exchange->id_i + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
+@@ -1056,7 +1056,7 @@
+ {
+ case IPSEC_ID_IPV4_ADDR:
+ case IPSEC_ID_IPV6_ADDR:
+- util_ntoa ((char **)&buf2,
++ util_ntoa ((char **)(void *)&buf2,
+ id[ISAKMP_ID_TYPE_OFF - ISAKMP_GEN_SZ] == IPSEC_ID_IPV4_ADDR
+ ? AF_INET : AF_INET6,
+ id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
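Review bot: The `(void *)` hop in `(char **)(void *)&buf` and `(char **)(void *)&buf2` only hides the compiler's complaint about the pointer conversion; it does not make the access well-typed. Neither declaration is visible in these hunks, so whether `util_ntoa` storing a `char *` through that pointer is safe cannot be confirmed from here. A correctly typed temporary would remove the need for any cast: declare `char *addr = 0;`, call `util_ntoa (&addr, ...)`, then assign the result to `buf` with a single explicit conversion if its declared type requires one. Both enclosing functions lie outside the hunks shown.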