On Tue, Oct 09, 2007 at 09:08:42AM +0200, Thomas Schoeller wrote:
> hello,
> any doubts this could go in?
> could someone commit this?
>
> thanks
> thomas
>
> On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote:
> > On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > >
> > > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > > against an anoncvs server or local mirrored repository, which includes the
> > > version information, is easy to read and apply, and handles added/removed
> > > files nicely, but any 'diff -u' would be good)
> > >
> >
> > here is an updated diff.
> >
> > thank you stuart.
> >
>
new diff that does not revert 1.12
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/vpnc/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile 15 Sep 2007 23:30:01 -0000 1.12
+++ Makefile 11 Oct 2007 19:27:59 -0000
@@ -2,8 +2,7 @@
COMMENT= client for Cisco 3000 VPN concentrators
-DISTNAME= vpnc-0.3.3
-PKGNAME= ${DISTNAME}p1
+DISTNAME= vpnc-0.5.1
CATEGORIES= security net
HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
@@ -22,9 +21,15 @@
USE_GMAKE= Yes
NO_REGRESS= Yes
+# amd64 works only with -O0
+.if ${MACHINE_ARCH} == "amd64"
+CFLAGS+= -O0
+.endif
+
do-configure:
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh >
${WRKBUILD}/vpnc.sh
+ @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh >
${WRKBUILD}/split.sh
do-install:
${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
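Review bot: The added comment `# amd64 works only with -O0` above the `.if ${MACHINE_ARCH} == "amd64"` block does not say what fails, so nobody can later tell whether the workaround is still needed. Code that misbehaves only when optimised often depends on undefined behaviour or on 32-bit type-size assumptions. In an IPsec client that parses packets from the network, that deserves a root-cause fix rather than a permanent `-O0`. I would record the symptom, e.g. `# XXX amd64: <observed failure> when optimised; probably not 64-bit clean, -O0 is a workaround until fixed upstream`.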
@@ -33,6 +38,7 @@
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
+ ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/vpnc/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo 5 Apr 2007 17:26:10 -0000 1.6
+++ distinfo 11 Oct 2007 19:27:59 -0000
@@ -1,5 +1,5 @@
-MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
-RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
-SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
-SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
-SIZE (vpnc-0.3.3.tar.gz) = 59939
+MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
+RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
+SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
+SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
+SIZE (vpnc-0.5.1.tar.gz) = 91496
Index: files/split.sh
===================================================================
RCS file: files/split.sh
diff -N files/split.sh
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/split.sh 11 Oct 2007 19:27:59 -0000
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# this effectively disables changes to /etc/resolv.conf
+INTERNAL_IP4_DNS=
+
+# This sets up split networking regardless
+# of the concentrators specifications.
+# You can add as many routes as you want,
+# but you must set the counter $CISCO_SPLIT_INC
+# accordingly
+CISCO_SPLIT_INC=1
+CISCO_SPLIT_INC_0_ADDR=10.0.0.0
+CISCO_SPLIT_INC_0_MASK=255.255.0.0
+CISCO_SPLIT_INC_0_MASKLEN=16
+CISCO_SPLIT_INC_0_PROTOCOL=0
+CISCO_SPLIT_INC_0_SPORT=0
+CISCO_SPLIT_INC_0_DPORT=0
+
+. /etc/vpnc/vpnc-script
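Review bot: The last line sources `/etc/vpnc/vpnc-script` with a hard-coded `/etc`, while do-configure rewrites `/etc` to `${SYSCONFDIR}` only in README and config.c and runs this file through a `%%PREFIX%%` substitution whose token never appears here. With a non-default SYSCONFDIR the wrapper would source a path the package did not install, and since this script changes routes it should resolve to exactly the packaged file: use `. %%SYSCONFDIR%%/vpnc/vpnc-script` with a matching `s,%%SYSCONFDIR%%,${SYSCONFDIR},g` in the Makefile's sed. The same applies to `#Script /etc/vpnc/split.sh` in patches/patch-vpnc_conf. The header comment should also say plainly that the file overrides the routes and DNS servers pushed by the concentrator, so traffic outside 10.0.0.0/16 bypasses the tunnel and name lookups keep using the pre-VPN resolvers.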
Index: patches/patch-Makefile
===================================================================
RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
retrieving revision 1.3
diff -u -r1.3 patch-Makefile
--- patches/patch-Makefile 11 Nov 2005 19:38:07 -0000 1.3
+++ patches/patch-Makefile 11 Oct 2007 19:27:59 -0000
@@ -1,16 +1,18 @@
$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
---- Makefile.orig Sun May 1 22:30:35 2005
-+++ Makefile Fri Nov 4 00:03:54 2005
-@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
- SBINDIR=$(PREFIX)/sbin
- MANDIR=$(PREFIX)/share/man
+--- Makefile.orig Thu Sep 6 16:05:15 2007
++++ Makefile Wed Sep 19 06:05:20 2007
+@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
+ #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
+ #OPENSSLLIBS = -lcrypto
-CC=gcc
--CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell
libgcrypt-config --cflags)
--LDFLAGS=-g $(shell libgcrypt-config --libs)
-+CC?=gcc
-+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config
--cflags)
-+LDFLAGS+=$(shell libgcrypt-config --libs)
+-CFLAGS ?= -O3 -g
+-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
+-CFLAGS += $(shell libgcrypt-config --cflags)
++CC ?= gcc
++CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell
libgcrypt-config --cflags)
+ CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION)
+-LDFLAGS ?= -g
+ LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)
- ifeq ($(shell uname -s), Linux)
- SYSDEP=sysdep-linux.o
+ ifeq ($(shell uname -s), SunOS)
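Review bot: The replacement `CFLAGS +=` line still carries `'-DVERSION="$(shell cat VERSION)"'` from the 0.3.3 patch, although the 0.5.1 Makefile already defines VERSION on the `CPPFLAGS += -DVERSION=\"$(VERSION)\"` context line just below. The macro is therefore defined twice, possibly with different values. The same line also drops upstream's `-Wmissing-declarations -Wwrite-strings`, which cost nothing and are useful diagnostics in network-facing code. I would limit the patch to removing the optimisation and debug defaults: `CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings $(shell libgcrypt-config --cflags)`.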
Index: patches/patch-tunip_c
===================================================================
RCS file: patches/patch-tunip_c
diff -N patches/patch-tunip_c
--- patches/patch-tunip_c 11 Nov 2005 19:38:07 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
---- tunip.c.orig Thu May 5 12:25:00 2005
-+++ tunip.c Fri Nov 4 00:09:30 2005
-@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
- if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
- char addr1[16];
- p->source.sin_addr = new_addr.sin_addr;
-- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
-+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "local address for %s is %s", addr1,
inet_ntoa(p->source.sin_addr));
- return 1;
-@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
- || from.sin_addr.s_addr !=
peer->remote_sa->dest.sin_addr.s_addr) {
- /* remote end changed address */
- char addr1[16];
-- strcpy(addr1,
inet_ntoa(peer->remote_sa->dest.sin_addr));
-+ strlcpy(addr1,
inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
- syslog(LOG_NOTICE,
- "spi %u: remote address changed from %s
to %s",
- peer->remote_sa->spi, addr1,
inet_ntoa(from.sin_addr));
Index: patches/patch-vpnc-script
===================================================================
RCS file: /cvs/ports/security/vpnc/patches/patch-vpnc-script,v
retrieving revision 1.1
diff -u -r1.1 patch-vpnc-script
--- patches/patch-vpnc-script 11 Nov 2005 19:38:07 -0000 1.1
+++ patches/patch-vpnc-script 11 Oct 2007 19:27:59 -0000
@@ -1,64 +1,26 @@
$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
---- vpnc-script.orig Thu Nov 3 23:39:23 2005
-+++ vpnc-script Thu Nov 3 23:51:02 2005
-@@ -70,7 +70,7 @@ do_ifconfig() {
- ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp
"$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
- }
+--- vpnc-script.orig Thu Sep 6 22:05:15 2007
++++ vpnc-script Thu Sep 13 21:53:21 2007
+@@ -108,7 +108,7 @@ destroy_tun_device() {
+
+ # =========== route handling ====================================
-if [ -n "$IPROUTE" ]; then
+if [ -x "$IPROUTE" ]; then
fix_ip_get_output () {
- sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
- }
-@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
+ sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit
[0-9]\+//g'
}
- else
- get_default_gw() {
-- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
-+ if [ "$OS" = "OpenBSD" ]; then
-+ netstat -r -n | grep '^default' | awk '{print $2}'
-+ else
-+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
-+ fi
- }
-
- set_vpngateway_route() {
-@@ -215,15 +219,21 @@ do_connect() {
- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ;
done
- echo
- fi
--
-+
-+ if [ ! -d /var/run/vpnc ]; then
-+ mkdir /var/run/vpnc || exit $?
-+ fi
-+
- do_ifconfig
- set_vpngateway_route
- if [ -n "$CISCO_SPLIT_INC" ]; then
-- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
-+ i=0
-+ while [ $i -lt $CISCO_SPLIT_INC ]; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
-+ i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- set_network_route "$i" "255.255.255.255" "32"
-@@ -239,11 +249,13 @@ do_connect() {
-
- do_disconnect() {
- if [ -n "$CISCO_SPLIT_INC" ]; then
-- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
-+ i=0
-+ while [ $i -lt $CISCO_SPLIT_INC ]; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
-+ i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- del_network_route "$i" "255.255.255.255" "32"
+@@ -195,6 +195,13 @@ else # use route command
+ case "$OS" in
+ Linux|NetBSD) # and probably others...
+ # routes are deleted automatically on device shutdown
++ return
++ ;;
++ OpenBSD)
++ # delete only routes that are present
++ if [ `route -n get $1|grep $2|wc -l` -ne 0 ]; then
++ route $route_syntax_del -net "$NETWORK"
$route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
++ fi
+ return
+ ;;
+ esac
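Review bot: In the new OpenBSD branch the test `route -n get $1|grep $2|wc -l` expands `$1` and `$2` unquoted and uses the netmask as a regular expression, while the delete on the following line uses `$NETWORK`/`$NETMASK` instead of the positional arguments. Judging by the removed 0.3.3 lines, these values come from the CISCO_SPLIT_INC_* variables, which are presumably supplied by the gateway. Because the script changes the routing table, they should be quoted and matched literally: `if route -n get "$1" 2>/dev/null | grep -qF -- "$2"; then`. The check and the delete should also refer to the same variables. The enclosing function starts outside this hunk, so whether `$NETWORK` is assigned from `$1` there cannot be seen here.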
Index: patches/patch-vpnc_c
===================================================================
RCS file: /cvs/ports/security/vpnc/patches/patch-vpnc_c,v
retrieving revision 1.2
diff -u -r1.2 patch-vpnc_c
--- patches/patch-vpnc_c 11 Nov 2005 19:38:07 -0000 1.2
+++ patches/patch-vpnc_c 11 Oct 2007 19:27:59 -0000
@@ -1,7 +1,7 @@
$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
---- vpnc.c.orig Fri Nov 4 00:09:49 2005
-+++ vpnc.c Fri Nov 4 00:11:03 2005
-@@ -196,10 +196,11 @@ static void addenv(const void *name, con
+--- vpnc.c.orig Mon Sep 10 15:39:48 2007
++++ vpnc.c Wed Sep 12 16:47:27 2007
+@@ -159,10 +159,11 @@ static void addenv(const void *name, const char *value
oldval = getenv(name);
if (oldval != NULL) {
Index: patches/patch-vpnc_conf
===================================================================
RCS file: patches/patch-vpnc_conf
diff -N patches/patch-vpnc_conf
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-vpnc_conf 11 Oct 2007 19:27:59 -0000
@@ -0,0 +1,10 @@
+$OpenBSD$
+--- vpnc.conf.orig Thu Sep 13 22:40:00 2007
++++ vpnc.conf Thu Sep 13 22:39:04 2007
+@@ -4,3 +4,6 @@ IPSec secret <group-psk>
+ IKE Authmode hybrid
+ Xauth username <username>
+ Xauth password <password>
++
++# run script to manipulate dns and routing settings
++#Script /etc/vpnc/split.sh
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/vpnc/pkg/PLIST,v
retrieving revision 1.5
diff -u -r1.5 PLIST
--- pkg/PLIST 29 Jun 2006 17:26:15 -0000 1.5
+++ pkg/PLIST 11 Oct 2007 19:27:59 -0000
@@ -8,6 +8,9 @@
share/examples/vpnc/vpnc-script
@mode 0755
@sample ${SYSCONFDIR}/vpnc/vpnc-script
+share/examples/vpnc/split.sh
[EMAIL PROTECTED] 0755
[EMAIL PROTECTED] ${SYSCONFDIR}/vpnc/split.sh
@mode
share/examples/vpnc/vpnc.conf
@mode 0600