cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to vpnc 0.3.3

Browse Source 
from uwe
This commit is contained in:
sturm 2005-11-11 19:38:07 +00:00
parent 8e7223d0bd
commit 3ab4b863e7
9 changed files with 118 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
security/vpnc/Makefile
View File

@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.7 2005/05/05 10:54:48 sturm Exp $
# $OpenBSD: Makefile,v 1.8 2005/11/11 19:38:07 sturm Exp $
COMMENT= "client for Cisco 3000 VPN concentrators"
DISTNAME= vpnc-0.3.2
PKGNAME= ${DISTNAME}p2
DISTNAME= vpnc-0.3.3
CATEGORIES= security net
HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
@ -24,8 +23,6 @@ LIB_DEPENDS= gcrypt.12:libgcrypt->=1.2:security/libgcrypt
USE_GMAKE= Yes
NO_REGRESS= Yes
ALL_TARGET= vpnc
do-configure:
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh
@ -36,6 +33,7 @@ do-install:
${INSTALL_DATA} ${WRKBUILD}/README ${PREFIX}/share/doc/vpnc
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
.include <bsd.port.mk>

8
security/vpnc/distinfo
View File

@ -1,4 +1,4 @@
MD5 (vpnc-0.3.2.tar.gz) = aaccdffc5656095a45dfe87c5bf612cb
RMD160 (vpnc-0.3.2.tar.gz) = 50700b7abdb5699235febf794578abc4c0b6b930
SHA1 (vpnc-0.3.2.tar.gz) = 71276f606ff56108797654cf4711bef4b3c34d88
SIZE (vpnc-0.3.2.tar.gz) = 56669
MD5 (vpnc-0.3.3.tar.gz) = e7518cff21326fe7eb9795b60c25ae6a
RMD160 (vpnc-0.3.3.tar.gz) = ffcb229fb8cac18f8d6dea0e67f88cec420f31da
SHA1 (vpnc-0.3.3.tar.gz) = 95559e1c5b1f4bc78dc1a0b9f95e1a2d65a84c0a
SIZE (vpnc-0.3.3.tar.gz) = 59939

8
security/vpnc/patches/patch-Makefile
View File

@ -1,7 +1,7 @@
$OpenBSD: patch-Makefile,v 1.2 2004/11/20 12:41:37 sturm Exp $
--- Makefile.orig Sat Nov 13 00:23:36 2004
+++ Makefile Sat Nov 13 13:24:06 2004
@@ -21,9 +21,9 @@ PREFIX=/usr/local
$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
--- Makefile.orig Sun May 1 22:30:35 2005
+++ Makefile Fri Nov 4 00:03:54 2005
@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
SBINDIR=$(PREFIX)/sbin
MANDIR=$(PREFIX)/share/man

23
security/vpnc/patches/patch-config_c
View File

@ -1,23 +0,0 @@
$OpenBSD: patch-config_c,v 1.2 2005/05/05 10:54:48 sturm Exp $
--- config.c.orig Mon Nov 22 01:11:48 2004
+++ config.c Wed May 4 19:58:23 2005
@@ -352,7 +352,7 @@ static void print_desc(const char *pre,
const char *p, *q;
for (p = text, q = strchr(p, '\n'); q; p = q+1, q = strchr(p, '\n'))
- printf("%s%.*s\n", pre, q-p, p);
+ printf("%s%.*s\n", pre, (int)(q-p), p);
if (*p != '\0')
printf("%s%s\n", pre, p);
@@ -423,8 +423,9 @@ static void print_version(void)
void do_config(int argc, char **argv)
{
char *s;
- int i, c, known, s_len;
+ int i, c, known;
int print_config = 0;
+ size_t s_len;
for (i = 1; i < argc; i++) {
if (argv[i][0] != '-') {

40
security/vpnc/patches/patch-isakmp-pkt_c
View File

@ -1,40 +0,0 @@
$OpenBSD: patch-isakmp-pkt_c,v 1.1 2005/03/08 06:38:08 sturm Exp $
--- isakmp-pkt.c.orig Sun Nov 21 23:15:41 2004
+++ isakmp-pkt.c Mon Mar 7 23:09:24 2005
@@ -293,14 +293,14 @@ struct isakmp_packet *new_isakmp_packet(
struct isakmp_payload *new_isakmp_payload(uint8_t type)
{
- struct isakmp_payload *result = xallocc(sizeof(struct isakmp_packet));
+ struct isakmp_payload *result = xallocc(sizeof(struct isakmp_payload));
result->type = type;
return result;
}
struct isakmp_payload *new_isakmp_data_payload(uint8_t type, const void *data, size_t data_length)
{
- struct isakmp_payload *result = xallocc(sizeof(struct isakmp_packet));
+ struct isakmp_payload *result = xallocc(sizeof(struct isakmp_payload));
if (type != ISAKMP_PAYLOAD_KE && type != ISAKMP_PAYLOAD_HASH
&& type != ISAKMP_PAYLOAD_SIG && type != ISAKMP_PAYLOAD_NONCE
@@ -697,7 +697,7 @@ struct isakmp_packet *parse_isakmp_packe
size_t isakmp_data_len;
if (data_len < ISAKMP_PAYLOAD_O) {
- DEBUG(2, printf("packet to short: len = %d < min = %d\n", data_len, ISAKMP_PAYLOAD_O));
+ DEBUG(2, printf("packet to short: len = %lu < min = %d\n", (unsigned long)data_len, ISAKMP_PAYLOAD_O));
reason = ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS;
goto error;
}
@@ -730,8 +730,8 @@ struct isakmp_packet *parse_isakmp_packe
isakmp_data_len = fetch4();
hex_dump("len", &isakmp_data_len, UINT32);
if (o_data_len != isakmp_data_len) {
- DEBUG(2, printf("isakmp length does not match packet length: isakmp = %d != datalen = %d\n",
- isakmp_data_len, o_data_len));
+ DEBUG(2, printf("isakmp length does not match packet length: isakmp = %lu != datalen = %lu\n",
+ (unsigned long)isakmp_data_len, (unsigned long)o_data_len));
reason = ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS;
goto error;
}

135
security/vpnc/patches/patch-tunip_c
View File

@ -1,120 +1,21 @@
$OpenBSD: patch-tunip_c,v 1.2 2005/05/05 10:54:48 sturm Exp $
--- tunip.c.orig Wed Nov 17 21:23:43 2004
+++ tunip.c Wed May 4 20:25:47 2005
@@ -87,8 +87,8 @@ struct sa_desc {
unsigned char use_fallback; /* use initial address as fallback? */
unsigned char use_dest; /* is dest address known yet? */
- unsigned long spi; /* security parameters index */
- unsigned long seq_id; /* for replay protection (not implemented) */
+ uint32_t spi; /* security parameters index */
+ uint32_t seq_id; /* for replay protection (not implemented) */
/* Encryption key */
const unsigned char *enc_secret;
@@ -118,8 +118,8 @@ struct peer_desc {
/* A real ESP header (RFC 2406) */
typedef struct esp_encap_header {
- unsigned long spi; /* security parameters index */
- unsigned long seq_id; /* sequence id (unimplemented) */
+ uint32_t spi; /* security parameters index */
+ uint32_t seq_id; /* sequence id (unimplemented) */
/* variable-length payload data + padding */
/* unsigned char next_header */
/* optional auth data */
@@ -136,7 +136,7 @@ struct encap_method {
unsigned int bufsize, bufpayload, var_header_size;
int buflen;
struct sockaddr_in from;
- int fromlen;
+ socklen_t fromlen;
int (*recv) (struct encap_method * encap,
unsigned char *buf, unsigned int bufsize, struct sockaddr_in * from);
@@ -151,7 +151,7 @@ void encap_esp_send_peer(struct encap_me
struct peer_desc *peer, unsigned char *buf, unsigned int bufsize);
void encap_udp_send_peer(struct encap_method *encap,
struct peer_desc *peer, unsigned char *buf, unsigned int bufsize);
-struct peer_desc *peer_find(unsigned long spi, struct encap_method *encap);
+struct peer_desc *peer_find(uint32_t spi, struct encap_method *encap);
int encap_esp_recv_peer(struct encap_method *encap, struct peer_desc *peer);
/* Yuck! Global variables... */
@@ -220,7 +220,7 @@ u_short in_cksum(addr, len)
int encap_rawip_recv(struct encap_method *encap,
unsigned char *buf, unsigned int bufsize, struct sockaddr_in *from)
{
- int r;
+ ssize_t r;
struct ip *p = (struct ip *)buf;
encap->fromlen = sizeof(encap->from);
@@ -268,7 +268,7 @@ int encap_udp_recv(struct encap_method *
unsigned char *buf, unsigned int bufsize,
struct sockaddr_in *from)
{
- int r;
+ ssize_t r;
encap->fromlen = sizeof(encap->from);
@@ -447,11 +447,11 @@ int update_sa_addr(struct sa_desc *p)
/*
* Find the peer record associated with a given local SPI.
*/
-struct peer_desc *peer_find(unsigned long spi, struct encap_method *encap)
+struct peer_desc *peer_find(uint32_t spi, struct encap_method *encap)
{
if (vpnpeer.local_sa->spi == spi && vpnpeer.local_sa->em == encap)
return &vpnpeer;
- syslog(LOG_ALERT, "unknown spi %ld", spi);
+ syslog(LOG_ALERT, "unknown spi %u", spi);
return NULL;
}
@@ -623,7 +623,7 @@ void encap_esp_send_peer(struct encap_me
return;
}
if (sent != encap->buflen)
- syslog(LOG_ALERT, "truncated out (%d out of %d)", sent, encap->buflen);
+ syslog(LOG_ALERT, "truncated out (%ld out of %d)", (long)sent, encap->buflen);
}
/*
@@ -659,8 +659,8 @@ void encap_udp_send_peer(struct encap_me
return;
}
if (sent != encap->buflen)
- syslog(LOG_ALERT, "truncated out (%Zd out of %Zd)",
- sent, encap->buflen);
+ syslog(LOG_ALERT, "truncated out (%ld out of %d)",
+ (long)sent, encap->buflen);
}
int encap_esp_recv_peer(struct encap_method *encap, struct peer_desc *peer)
@@ -686,6 +686,7 @@ int encap_esp_recv_peer(struct encap_met
/* Handle optional authentication field */
if (peer->local_sa->md_algo) {
len -= 12; /*gcry_md_get_algo_dlen(peer->local_sa->md_algo); */
+ encap->buflen -= 12;
if (hmac_compute(peer->local_sa->md_algo,
encap->buf + encap->bufpayload,
encap->fixed_header_size + encap->var_header_size + len,
@@ -748,6 +749,7 @@ int encap_esp_recv_peer(struct encap_met
printf("pad len: %d, next_header: %d\n", padlen, next_header);
#endif
len -= padlen + 2;
+ encap->buflen -= padlen + 2;
/* Check padding */
pad = encap->buf + encap->bufpayload
@@ -838,7 +840,7 @@ static void vpnc_main_loop(struct peer_d
$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
--- tunip.c.orig Thu May 5 12:25:00 2005
+++ tunip.c Fri Nov 4 00:09:30 2005
@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
char addr1[16];
strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
p->source.sin_addr = new_addr.sin_addr;
- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
syslog(LOG_NOTICE,
- "spi %ld: remote address changed from %s to %s",
+ "spi %u: remote address changed from %s to %s",
"local address for %s is %s", addr1, inet_ntoa(p->source.sin_addr));
return 1;
@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
|| from.sin_addr.s_addr != peer->remote_sa->dest.sin_addr.s_addr) {
/* remote end changed address */
char addr1[16];
- strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
+ strlcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
syslog(LOG_NOTICE,
"spi %u: remote address changed from %s to %s",
peer->remote_sa->spi, addr1, inet_ntoa(from.sin_addr));
peer->remote_sa->dest.sin_addr.s_addr = from.sin_addr.s_addr;
peer->remote_sa->use_dest = 1;

64
security/vpnc/patches/patch-vpnc-script Normal file
View File

@ -0,0 +1,64 @@
$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
--- vpnc-script.orig Thu Nov 3 23:39:23 2005
+++ vpnc-script Thu Nov 3 23:51:02 2005
@@ -70,7 +70,7 @@ do_ifconfig() {
ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
}
-if [ -n "$IPROUTE" ]; then
+if [ -x "$IPROUTE" ]; then
fix_ip_get_output () {
sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
}
@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
}
else
get_default_gw() {
- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+ if [ "$OS" = "OpenBSD" ]; then
+ netstat -r -n | grep '^default' | awk '{print $2}'
+ else
+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+ fi
}
set_vpngateway_route() {
@@ -215,15 +219,21 @@ do_connect() {
echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
echo
fi
-
+
+ if [ ! -d /var/run/vpnc ]; then
+ mkdir /var/run/vpnc || exit $?
+ fi
+
do_ifconfig
set_vpngateway_route
if [ -n "$CISCO_SPLIT_INC" ]; then
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+ i=0
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+ i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
set_network_route "$i" "255.255.255.255" "32"
@@ -239,11 +249,13 @@ do_connect() {
do_disconnect() {
if [ -n "$CISCO_SPLIT_INC" ]; then
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+ i=0
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+ i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
del_network_route "$i" "255.255.255.255" "32"

27
security/vpnc/patches/patch-vpnc_c
View File

@ -1,14 +1,19 @@
$OpenBSD: patch-vpnc_c,v 1.1 2005/03/08 06:38:08 sturm Exp $
--- vpnc.c.orig Mon Nov 22 01:12:02 2004
+++ vpnc.c Mon Mar 7 23:06:44 2005
@@ -468,8 +468,8 @@ static uint16_t unpack_verify_phase2(str
*r_p = NULL;
$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
--- vpnc.c.orig Fri Nov 4 00:09:49 2005
+++ vpnc.c Fri Nov 4 00:11:03 2005
@@ -196,10 +196,11 @@ static void addenv(const void *name, con
if (r_length < ISAKMP_PAYLOAD_O || ((r_length - ISAKMP_PAYLOAD_O) % s->ivlen != 0)) {
- DEBUG(2, printf("payload to short or not padded: len=%d, min=%d (ivlen=%d)\n",
- r_length, ISAKMP_PAYLOAD_O, s->ivlen));
+ DEBUG(2, printf("payload to short or not padded: len=%lu, min=%d (ivlen=%lu)\n",
+ (unsigned long)r_length, ISAKMP_PAYLOAD_O, (unsigned long)s->ivlen));
return ISAKMP_N_UNEQUAL_PAYLOAD_LENGTHS;
oldval = getenv(name);
if (oldval != NULL) {
- strbuf = xallocc(strlen(oldval) + 1 + strlen(value) + 1);
- strcat(strbuf, oldval);
- strcat(strbuf, " ");
- strcat(strbuf, value);
+ size_t sz = strlen(oldval) + 1 + strlen(value) + 1;
+ strbuf = xallocc(sz);
+ strlcpy(strbuf, oldval, sz);
+ strlcat(strbuf, " ", sz);
+ strlcat(strbuf, value, sz);
}
setenv(name, strbuf ? strbuf : value, 1);

11
security/vpnc/pkg/PLIST
View File

@ -1,8 +1,15 @@
@comment $OpenBSD: PLIST,v 1.3 2004/09/24 09:35:36 espie Exp $
@comment $OpenBSD: PLIST,v 1.4 2005/11/11 19:38:07 sturm Exp $
sbin/vpnc
share/doc/vpnc/
share/doc/vpnc/README
share/examples/vpnc/
@sample ${SYSCONFDIR}/vpnc/
share/examples/vpnc/vpnc-script
@mode 0755
@sample ${SYSCONFDIR}/vpnc/vpnc-script
@mode
share/examples/vpnc/vpnc.conf
@sample ${SYSCONFDIR}/vpnc.conf
@mode 0600
@sample ${SYSCONFDIR}/vpnc/vpnc.conf
@mode
share/examples/vpnc/vpnc.sh