[pkgsrc/trunk]: pkgsrc/security Remove ipsec-tools.

[nia <nia%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d206c4484b9a
branches:  trunk
changeset: 443892:d206c4484b9a
user:      nia <nia%pkgsrc.org@localhost>
date:      Thu Dec 31 17:01:25 2020 +0000

description:
Remove ipsec-tools.

"Important Note
The development of ipsec-tools has been ABANDONED.

ipsec-tools has security issues, and you should not use it. Please switch to a secure alternative!"

security/racoon2 provides an alternative that works with modern OS releases.

diffstat:

 security/Makefile                                      |   3 +-
 security/ipsec-tools/DESCR                             |   9 -
 security/ipsec-tools/Makefile                          |  91 ------------------
 security/ipsec-tools/PLIST                             |  48 ---------
 security/ipsec-tools/distinfo                          |   7 -
 security/ipsec-tools/patches/patch-src_racoon_gssapi.c |  19 ---
 6 files changed, 1 insertions(+), 176 deletions(-)

diffs (211 lines):

diff -r 0dd2005d90f9 -r d206c4484b9a security/Makefile
--- a/security/Makefile Thu Dec 31 15:32:00 2020 +0000
+++ b/security/Makefile Thu Dec 31 17:01:25 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.792 2020/12/21 14:48:42 mef Exp $
+# $NetBSD: Makefile,v 1.793 2020/12/31 17:01:25 nia Exp $
 #
 
 COMMENT=       Security tools
@@ -140,7 +140,6 @@
 SUBDIR+=       hydan
 SUBDIR+=       hydra
 SUBDIR+=       ike-scan
-SUBDIR+=       ipsec-tools
 SUBDIR+=       ipv6-toolkit
 SUBDIR+=       isakmpd
 SUBDIR+=       jessie
diff -r 0dd2005d90f9 -r d206c4484b9a security/ipsec-tools/DESCR
--- a/security/ipsec-tools/DESCR        Thu Dec 31 15:32:00 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,9 +0,0 @@
-racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
-establish IPsec security association with other hosts.
-
-This is based on KAME racoon, with some enhancements such as
-NAT-Traversal (needs kernel support), hybrid authentication,
-ISAKMP mode config, RADIUS support, IKE fragmentation and others.
-
-Ipsec-tools' racoon is able to act as a VPN server for the
-Cisco VPN client using hybrid authentication.
diff -r 0dd2005d90f9 -r d206c4484b9a security/ipsec-tools/Makefile
--- a/security/ipsec-tools/Makefile     Thu Dec 31 15:32:00 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,91 +0,0 @@
-# $NetBSD: Makefile,v 1.40 2020/03/20 11:58:16 nia Exp $
-
-DISTNAME=              ipsec-tools-0.7.3
-PKGREVISION=           5
-CATEGORIES=            security
-MASTER_SITES=          ${MASTER_SITE_NETBSD:=ipsec-tools/}
-EXTRACT_SUFX=          .tar.bz2
-
-MAINTAINER=            pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=              http://ipsec-tools.sourceforge.net/
-COMMENT=               IPsec-tools racoon IKE daemon
-
-ONLY_FOR_PLATFORM=     NetBSD-[3-9].*-* FreeBSD-[5-9].*-* Linux-2.[6-9].*-*
-
-USE_PKGLOCALEDIR=      yes
-USE_LIBTOOL=           yes
-GNU_CONFIGURE=         yes
-
-PKG_OPTIONS_VAR=       PKG_OPTIONS.ipsec-tools
-PKG_SUPPORTED_OPTIONS= radius
-PKG_SUGGESTED_OPTIONS= radius
-
-.include "../../mk/bsd.options.mk"
-
-.if !empty(PKG_OPTIONS:Mradius)
-.  include "../../net/libradius/buildlink3.mk"
-CONFIGURE_ARGS+=       --with-libradius
-LIBS+=                 ${BUILDLINK_LDADD.libradius}
-.endif
-
-.if exists(/usr/include/security/pam_modules.h)
-CONFIGURE_ARGS+=       --with-libpam
-.endif
-
-CONFIGURE_ARGS+=       --enable-frag --enable-hybrid
-CONFIGURE_ARGS+=       --enable-adminport --enable-dpd
-CONFIGURE_ARGS+=       --enable-natt=kernel
-
-CONFIGURE_ARGS+=       --localstatedir=${VARBASE:Q}
-PLIST_SUBST+=          VARBASE=${VARBASE:Q}
-
-PKG_SYSCONFSUBDIR=     racoon
-CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q}
-
-SAMPLE_DIR=    ${WRKSRC}/src/racoon/samples
-EXAMPLE_DIR=   ${PREFIX}/share/examples/ipsec-tools
-
-pre-configure:
-       ${RM} -f ${WRKSRC}/src/racoon/cfparse.c
-       ${RM} -f ${WRKSRC}/src/racoon/cftoken.c
-.if (${OPSYS} == "NetBSD")
-       ${MKDIR} ${BUILDLINK_DIR}/include/netinet6
-       ${EGREP} -v 'extern.*ipsec_.*_policy' /usr/include/netinet6/ipsec.h \
-         >${BUILDLINK_DIR}/include/netinet6/ipsec.h
-.endif
-
-post-install:
-       ${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLE_DIR}/roadwarrior
-       ${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/client
-       ${INSTALL_DATA_DIR} ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/server
-       ${INSTALL_DATA} ${SAMPLE_DIR}/psk.txt ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/psk.txt.in ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/psk.txt.sample ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.in ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.sample \
-           ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.sample-gssapi \
-           ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.sample-inherit \
-           ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.sample-natt \
-           ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/racoon.conf.sample-plainrsa \
-           ${DESTDIR}${EXAMPLE_DIR}
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/README \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/client/racoon.conf \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/client
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/client/phase1-up.sh \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/client
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/client/phase1-down.sh \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/client
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/server/racoon.conf \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/server
-       ${INSTALL_DATA} ${SAMPLE_DIR}/roadwarrior/server/racoon.conf-radius \
-           ${DESTDIR}${EXAMPLE_DIR}/roadwarrior/server
-
-.include "../../security/openssl/buildlink3.mk"
-.include "../../mk/bsd.pkg.mk"
diff -r 0dd2005d90f9 -r d206c4484b9a security/ipsec-tools/PLIST
--- a/security/ipsec-tools/PLIST        Thu Dec 31 15:32:00 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,48 +0,0 @@
-@comment $NetBSD: PLIST,v 1.7 2015/12/29 06:28:48 dholland Exp $
-include/libipsec/libpfkey.h
-include/racoon/admin.h
-include/racoon/evt.h
-include/racoon/gcmalloc.h
-include/racoon/ipsec_doi.h
-include/racoon/isakmp.h
-include/racoon/isakmp_cfg.h
-include/racoon/isakmp_unity.h
-include/racoon/isakmp_var.h
-include/racoon/isakmp_xauth.h
-include/racoon/misc.h
-include/racoon/racoonctl.h
-include/racoon/schedule.h
-include/racoon/sockmisc.h
-include/racoon/var.h
-include/racoon/vmbuf.h
-lib/libipsec.la
-lib/libracoon.la
-man/man3/ipsec_set_policy.3
-man/man3/ipsec_strerror.3
-man/man5/racoon.conf.5
-man/man8/plainrsa-gen.8
-man/man8/racoon.8
-man/man8/racoonctl.8
-man/man8/setkey.8
-sbin/plainrsa-gen
-sbin/racoon
-sbin/racoonctl
-sbin/setkey
-share/examples/ipsec-tools/psk.txt
-share/examples/ipsec-tools/psk.txt.in
-share/examples/ipsec-tools/psk.txt.sample
-share/examples/ipsec-tools/racoon.conf
-share/examples/ipsec-tools/racoon.conf.in
-share/examples/ipsec-tools/racoon.conf.sample
-share/examples/ipsec-tools/racoon.conf.sample-gssapi
-share/examples/ipsec-tools/racoon.conf.sample-inherit
-share/examples/ipsec-tools/racoon.conf.sample-natt
-share/examples/ipsec-tools/racoon.conf.sample-plainrsa
-share/examples/ipsec-tools/roadwarrior/README
-share/examples/ipsec-tools/roadwarrior/client/phase1-down.sh
-share/examples/ipsec-tools/roadwarrior/client/phase1-up.sh
-share/examples/ipsec-tools/roadwarrior/client/racoon.conf
-share/examples/ipsec-tools/roadwarrior/server/racoon.conf
-share/examples/ipsec-tools/roadwarrior/server/racoon.conf-radius
-@exec ${MKDIR} ${VARBASE}/racoon
-@unexec ${RMDIR} ${VARBASE}/racoon 2>/dev/null || ${TRUE}
diff -r 0dd2005d90f9 -r d206c4484b9a security/ipsec-tools/distinfo
--- a/security/ipsec-tools/distinfo     Thu Dec 31 15:32:00 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,7 +0,0 @@
-$NetBSD: distinfo,v 1.18 2015/11/04 01:17:46 agc Exp $
-
-SHA1 (ipsec-tools-0.7.3.tar.bz2) = 19dc160643547a0bfabf0fe0ad1a181d3c28f410
-RMD160 (ipsec-tools-0.7.3.tar.bz2) = e0ff32f0daa845934ac868ad5f36d58b25919c30
-SHA512 (ipsec-tools-0.7.3.tar.bz2) = 8612438f95e0ee72b24cca88190027f4dfe611513fd0a5dffe7b0398d2b1dcafee8b30081d0ea2497a173051b8572ed2d62c11a5f6b8c7fcb3e4d45bcfb67a61
-Size (ipsec-tools-0.7.3.tar.bz2) = 776096 bytes
-SHA1 (patch-src_racoon_gssapi.c) = 6294956137e91749feee8de9da696c492fe786b9
diff -r 0dd2005d90f9 -r d206c4484b9a security/ipsec-tools/patches/patch-src_racoon_gssapi.c
--- a/security/ipsec-tools/patches/patch-src_racoon_gssapi.c    Thu Dec 31 15:32:00 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-$NetBSD: patch-src_racoon_gssapi.c,v 1.1 2015/05/19 15:45:44 sevan Exp $
-
-Protect against a NULL pointer dereference described in:
-https://www.altsci.com/ipsec/
-
---- src/racoon/gssapi.c.orig   2015-05-19 15:28:49.000000000 +0000
-+++ src/racoon/gssapi.c
-@@ -192,6 +192,11 @@ gssapi_init(struct ph1handle *iph1)
-       gss_name_t princ, canon_princ;
-       OM_uint32 maj_stat, min_stat;
- 
-+      if (iph1->rmconf == NULL) {
-+              plog(LLV_ERROR, LOCATION, NULL, "no remote config\n");
-+              return -1;
-+      }
-+
-       gps = racoon_calloc(1, sizeof (struct gssapi_ph1_state));
-       if (gps == NULL) {
-               plog(LLV_ERROR, LOCATION, NULL, "racoon_calloc failed\n");