diff --git a/security/vpnc/Makefile b/security/vpnc/Makefile index 9c62e0f9698..e7e9a403cf7 100644 --- a/security/vpnc/Makefile +++ b/security/vpnc/Makefile @@ -1,9 +1,8 @@ -# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $ +# $OpenBSD: Makefile,v 1.13 2008/04/04 21:41:27 okan Exp $ COMMENT= client for Cisco 3000 VPN concentrators -DISTNAME= vpnc-0.3.3 -PKGNAME= ${DISTNAME}p1 +DISTNAME= vpnc-0.5.1 CATEGORIES= security net HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/ @@ -25,6 +24,7 @@ NO_REGRESS= Yes do-configure: @perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c} @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh + @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > ${WRKBUILD}/split.sh do-install: ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin @@ -33,6 +33,7 @@ do-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8 diff --git a/security/vpnc/distinfo b/security/vpnc/distinfo index 6686ce6617d..e649d9c8dfa 100644 --- a/security/vpnc/distinfo +++ b/security/vpnc/distinfo @@ -1,5 +1,5 @@ -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag== -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo= -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo= -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE (vpnc-0.5.1.tar.gz) = 91496 
diff --git a/security/vpnc/files/split.sh b/security/vpnc/files/split.sh
new file mode 100644
index 00000000000..5c22338e8ea
--- /dev/null
+++ b/security/vpnc/files/split.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# this effectively disables changes to /etc/resolv.conf
+INTERNAL_IP4_DNS=
+
+# This sets up split networking regardless
+# of the concentrators specifications.
+# You can add as many routes as you want,
+# but you must set the counter $CISCO_SPLIT_INC
+# accordingly
+CISCO_SPLIT_INC=1
+CISCO_SPLIT_INC_0_ADDR=10.0.0.0
+CISCO_SPLIT_INC_0_MASK=255.255.0.0
+CISCO_SPLIT_INC_0_MASKLEN=16
+CISCO_SPLIT_INC_0_PROTOCOL=0
+CISCO_SPLIT_INC_0_SPORT=0
+CISCO_SPLIT_INC_0_DPORT=0
+
+. /etc/vpnc/vpnc-script
diff --git a/security/vpnc/patches/patch-Makefile b/security/vpnc/patches/patch-Makefile
index b61e16c7fac..7f1bdfecdd1 100644
--- a/security/vpnc/patches/patch-Makefile
+++ b/security/vpnc/patches/patch-Makefile
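Review bot: The last line of the new split.sh sources `/etc/vpnc/vpnc-script` by a hard-coded path, while the port installs the sample under `${SYSCONFDIR}/vpnc/` and the `do-configure` sed run over this file only replaces `%%PREFIX%%`, a token the script does not contain. With a non-default SYSCONFDIR the wrapper would source a file the package did not install, and since vpnc presumably runs its script with root privileges, that path should be the packaged one. Consider `. %%SYSCONFDIR%%/vpnc/vpnc-script` with a matching `-e "s,%%SYSCONFDIR%%,${SYSCONFDIR},g"` in the Makefile; the commented `#Script /etc/vpnc/split.sh` line added by patch-vpnc_conf carries the same hard-coded path. The comment above `INTERNAL_IP4_DNS=` could also state that name lookups then keep going to the pre-VPN resolver rather than through the tunnel.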
@@ -1,16 +1,18 @@ -$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $ ---- Makefile.orig Sun May 1 22:30:35 2005 -+++ Makefile Fri Nov 4 00:03:54 2005 -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc - SBINDIR=$(PREFIX)/sbin - MANDIR=$(PREFIX)/share/man +$OpenBSD: patch-Makefile,v 1.4 2008/04/04 21:41:27 okan Exp $ +--- Makefile.orig Thu Sep 6 16:05:15 2007 ++++ Makefile Wed Sep 19 06:05:20 2007 +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION) + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION + #OPENSSLLIBS = -lcrypto -CC=gcc --CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config --libs) -+CC?=gcc -+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags) -+LDFLAGS+=$(shell libgcrypt-config --libs) +-CFLAGS ?= -O3 -g +-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings +-CFLAGS += $(shell libgcrypt-config --cflags) ++CC ?= gcc ++CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags) + CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION) +-LDFLAGS ?= -g + LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS) - ifeq ($(shell uname -s), Linux) - SYSDEP=sysdep-linux.o + ifeq ($(shell uname -s), SunOS) diff --git a/security/vpnc/patches/patch-tunip_c b/security/vpnc/patches/patch-tunip_c deleted file mode 100644 index 5a55ccdf2cd..00000000000 --- a/security/vpnc/patches/patch-tunip_c +++ /dev/null 
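Review bot: The added `CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' ...` line in the new patch-Makefile defines VERSION a second time, because the unchanged `CPPFLAGS += -DVERSION=\"$(VERSION)\"` line directly below it already passes the macro; this looks like a carry-over from the 0.3.3 patch. If the two strings ever differ the compiler sees a macro redefinition and the binary may report a version other than the one upstream intended. The patch also drops upstream's `-Wmissing-declarations -Wwrite-strings`, which removes compile-time diagnostics from a client that parses network input. Suggest `CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings $(shell libgcrypt-config --cflags)` and leaving VERSION to CPPFLAGS.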
@@ -1,21 +0,0 @@
-$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
---- tunip.c.orig Thu May 5 12:25:00 2005
-+++ tunip.c Fri Nov 4 00:09:30 2005
-@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
- if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
- char addr1[16];
- p->source.sin_addr = new_addr.sin_addr;
-- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
-+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "local address for %s is %s", addr1, inet_ntoa(p->source.sin_addr));
- return 1;
-@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
- || from.sin_addr.s_addr != peer->remote_sa->dest.sin_addr.s_addr) {
- /* remote end changed address */
- char addr1[16];
-- strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
-+ strlcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "spi %u: remote address changed from %s to %s",
- peer->remote_sa->spi, addr1, inet_ntoa(from.sin_addr));
diff --git a/security/vpnc/patches/patch-vpnc-script b/security/vpnc/patches/patch-vpnc-script
index 06facf153e0..16bdeda4a72 100644
--- a/security/vpnc/patches/patch-vpnc-script
+++ b/security/vpnc/patches/patch-vpnc-script
@@ -1,64 +1,26 @@ -$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $ ---- vpnc-script.orig Thu Nov 3 23:39:23 2005 -+++ vpnc-script Thu Nov 3 23:51:02 2005 -@@ -70,7 +70,7 @@ do_ifconfig() { - ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up - } +$OpenBSD: patch-vpnc-script,v 1.2 2008/04/04 21:41:27 okan Exp $ +--- vpnc-script.orig Thu Sep 6 22:05:15 2007 ++++ vpnc-script Thu Sep 13 21:53:21 2007 +@@ -108,7 +108,7 @@ destroy_tun_device() { + + # =========== route handling ==================================== -if [ -n "$IPROUTE" ]; then +if [ -x "$IPROUTE" ]; then fix_ip_get_output () { - sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g' + sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g' } -@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then - } - else - get_default_gw() { -- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}' -+ if [ "$OS" = "OpenBSD" ]; then -+ netstat -r -n | grep '^default' | awk '{print $2}' -+ else -+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}' -+ fi - } - - set_vpngateway_route() { -@@ -215,15 +219,21 @@ do_connect() { - echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done - echo - fi -- -+ -+ if [ ! -d /var/run/vpnc ]; then -+ mkdir /var/run/vpnc || exit $? 
-+ fi -+ - do_ifconfig - set_vpngateway_route - if [ -n "$CISCO_SPLIT_INC" ]; then -- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do -+ i=0 -+ while [ $i -lt $CISCO_SPLIT_INC ]; do - eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" - set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" -+ i=`expr $i + 1` - done - for i in $INTERNAL_IP4_DNS ; do - set_network_route "$i" "255.255.255.255" "32" -@@ -239,11 +249,13 @@ do_connect() { - - do_disconnect() { - if [ -n "$CISCO_SPLIT_INC" ]; then -- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do -+ i=0 -+ while [ $i -lt $CISCO_SPLIT_INC ]; do - eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" - eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" - eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" - del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" -+ i=`expr $i + 1` - done - for i in $INTERNAL_IP4_DNS ; do - del_network_route "$i" "255.255.255.255" "32" +@@ -195,6 +195,13 @@ else # use route command + case "$OS" in + Linux|NetBSD) # and probably others... + # routes are deleted automatically on device shutdown ++ return ++ ;; ++ OpenBSD) ++ # delete only routes that are present ++ if [ `route -n get $1|grep $2|wc -l` -ne 0 ]; then ++ route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" ++ fi + return + ;; + esac diff --git a/security/vpnc/patches/patch-vpnc_c b/security/vpnc/patches/patch-vpnc_c index 6441e1d6f5c..51d000190b4 100644 --- a/security/vpnc/patches/patch-vpnc_c +++ b/security/vpnc/patches/patch-vpnc_c 
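Review bot: In the added OpenBSD branch the presence test `route -n get $1|grep $2|wc -l` expands `$1` and `$2` unquoted and uses the second argument (presumably the netmask) as a regular expression, so dots match any character and an empty or whitespace-containing value changes the command that actually runs. These values derive from the split-include settings, which normally come from the VPN concentrator, and the script presumably runs as root, so the expansions should be quoted and matched literally: `if route -n get "$1" | grep -qF -- "$2"; then`. The test reads `$1`/`$2` while the delete that follows uses `$NETWORK`/`$NETMASK`; using one pair throughout would make the guard and the action visibly refer to the same route. The enclosing function starts outside the hunk, so how the arguments are set is not visible here.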
@@ -1,7 +1,7 @@ -$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $ ---- vpnc.c.orig Fri Nov 4 00:09:49 2005 -+++ vpnc.c Fri Nov 4 00:11:03 2005 -@@ -196,10 +196,11 @@ static void addenv(const void *name, con +$OpenBSD: patch-vpnc_c,v 1.3 2008/04/04 21:41:27 okan Exp $ +--- vpnc.c.orig Mon Sep 10 15:39:48 2007 ++++ vpnc.c Wed Sep 12 16:47:27 2007 +@@ -159,10 +159,11 @@ static void addenv(const void *name, const char *value oldval = getenv(name); if (oldval != NULL) { diff --git a/security/vpnc/patches/patch-vpnc_conf b/security/vpnc/patches/patch-vpnc_conf new file mode 100644 index 00000000000..24dfc2eb679 --- /dev/null +++ b/security/vpnc/patches/patch-vpnc_conf @@ -0,0 +1,10 @@ +$OpenBSD: patch-vpnc_conf,v 1.1 2008/04/04 21:41:27 okan Exp $ +--- vpnc.conf.orig Thu Sep 13 22:40:00 2007 ++++ vpnc.conf Thu Sep 13 22:39:04 2007 +@@ -4,3 +4,6 @@ IPSec secret + IKE Authmode hybrid + Xauth username + Xauth password ++ ++# run script to manipulate dns and routing settings ++#Script /etc/vpnc/split.sh diff --git a/security/vpnc/pkg/PLIST b/security/vpnc/pkg/PLIST index 3d07faacc30..0d5ee9ffce3 100644 --- a/security/vpnc/pkg/PLIST +++ b/security/vpnc/pkg/PLIST @@ -1,10 +1,14 @@ -@comment $OpenBSD: PLIST,v 1.5 2006/06/29 17:26:15 steven Exp $ +@comment $OpenBSD: PLIST,v 1.6 2008/04/04 21:41:27 okan Exp $ @man man/man8/vpnc.8 sbin/vpnc share/doc/vpnc/ share/doc/vpnc/README share/examples/vpnc/ @sample ${SYSCONFDIR}/vpnc/ +share/examples/vpnc/split.sh +@mode 0755 +@sample ${SYSCONFDIR}/vpnc/split.sh +@mode share/examples/vpnc/vpnc-script @mode 0755 @sample ${SYSCONFDIR}/vpnc/vpnc-script