- Update to a new snapshot from the OpenBSD 2.6 branch dated 20041207

which, among many other things, fixes the know security
  vulnerabilities.
- Remove some notes about tracking NetBSD, since the port does not do
  that anymore.
- Remove out-of-date information from pkg-descr.
- Take maintainership.

Approved by:	nectar

security/isakmpd/Makefile

@@ -4,20 +4,14 @@
 #
 # $FreeBSD$
 #
-# NOTE: See NetBSD's /usr/pkgsrc/security/isakmpd if this package
-#       should be updated!
-#
 
 PORTNAME=	isakmpd
-PORTVERSION=	20030903
+PORTVERSION=	20041207
 CATEGORIES=	security net
-MASTER_SITES=	${MASTER_SITE_NETBSD}
-MASTER_SITE_SUBDIR=	.
+MASTER_SITES=	${MASTER_SITE_LOCAL}
+MASTER_SITE_SUBDIR=	simon
 
-DEPRECATED=	http://vuxml.freebsd.org/b7cb488c-8349-11d8-a41f-0020ed76ef5a.html (security)
-EXPIRATION_DATE=2004-11-21
-
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	simon@FreeBSD.org
 COMMENT=	OpenBSD IKE daemon
 
 # this is not compatible with cross build - there's no other way

security/isakmpd/distinfo

@@ -1,2 +1,2 @@
-MD5 (isakmpd-20030903.tar.gz) = 7a692835f7928ae0a1a8f6f2d119b4aa
-SIZE (isakmpd-20030903.tar.gz) = 358314
+MD5 (isakmpd-20041207.tar.gz) = 24d8acbe6c0c9d53f3a06adf8a4387e8
+SIZE (isakmpd-20041207.tar.gz) = 374718

security/isakmpd/files/patch-Makefile

@@ -1,5 +1,5 @@
---- Makefile.orig	Fri Aug 29 00:43:35 2003
-+++ Makefile	Thu Oct 16 18:54:23 2003
+--- Makefile.orig	Tue Dec  7 21:06:56 2004
++++ Makefile	Mon Dec 13 12:06:21 2004
 @@ -38,9 +38,9 @@
  
  # openbsd means OpenBSD 2.5 or newer. freeswan is the name for Linux with
@@ -12,16 +12,22 @@
  #OS=		freeswan
  #OS=		bsdi
  
-@@ -157,6 +157,7 @@
- USE_LIBDES=	yes
+@@ -133,9 +133,9 @@
+ 
+ .ifdef USE_KEYNOTE
+ USE_LIBCRYPTO=	yes
+-USE_LIBDES=	yes
  LDADD+=		-lkeynote -lm
  DPADD+=		${LIBKEYNOTE} ${LIBM}
 +POLICY=         policy.c
  CFLAGS+=	-DUSE_KEYNOTE
  .endif
  
-@@ -202,4 +203,3 @@
+@@ -181,7 +181,6 @@
  ${PROG} beforedepend: ${GENERATED}
  
  .include <bsd.prog.mk>
 -.include <bsd.subdir.mk>
+ 
+ debug:
+ 	(cd ${.CURDIR}; ${MAKE} DEBUG="-g -Werror")

security/isakmpd/files/patch-Makefile.sysdep

@@ -1,8 +1,6 @@
-$FreeBSD$
-
---- sysdep/freebsd/Makefile.sysdep.orig	Thu Aug 29 02:39:36 2002
-+++ sysdep/freebsd/Makefile.sysdep	Sun Aug 24 18:30:45 2003
-@@ -42,10 +42,10 @@
+--- sysdep/freebsd/Makefile.sysdep.orig	Sat Jun 26 05:40:57 2004
++++ sysdep/freebsd/Makefile.sysdep	Sun Dec 12 02:47:19 2004
+@@ -40,11 +40,11 @@
  LIBSYSDEPDIR=	${.CURDIR}/sysdep/common/libsysdep
  .endif
  
@@ -10,12 +8,14 @@ $FreeBSD$
 +LDADD+=		${LIBSYSDEPDIR}/libsysdep.a -lipsec -L/usr/local/lib
  DPADD+=		${LIBGMP} ${LIBSYSDEPDIR}/libsysdep.a
  
--CFLAGS+=	-DHAVE_GETNAMEINFO -DHAVE_GETIFADDRS \
-+CFLAGS+=	-DHAVE_GETNAMEINFO -DHAVE_GETIFADDRS -DHAVE_PCAP \
- 		-I${.CURDIR}/sysdep/common -I/usr/include \
+-CFLAGS+=	-DHAVE_GETIFADDRS \
+-		-I${.CURDIR}/sysdep/common -I/usr/include \
++CFLAGS+=	-DHAVE_GETIFADDRS -DHAVE_PCAP \
++		-I${.CURDIR}/sysdep/common -I/usr/include -I/usr/include/openssl \
  		-I/usr/local/include -I/usr/local/include/openssl
  
-@@ -60,9 +60,6 @@
+ IPSEC_SRCS=	pf_key_v2.c
+@@ -58,9 +58,6 @@
  GENERATED+=	sysdep-target
  sysdep-target:
  		cd ${.CURDIR}/sysdep/common/libsysdep; ${MAKE} ${.MAKEFLAGS}

security/isakmpd/files/patch-ike_quick_mode.c

@@ -0,0 +1,16 @@
+--- ike_quick_mode.c	2004/08/14 13:29:50	1.86
++++ ike_quick_mode.c	2004/09/17 13:53:08	1.87
+@@ -1739,8 +1739,11 @@
+ 			    "strdup (\"%s\") failed", name);
+ 			goto cleanup;
+ 		}
+-	} else if (ignore_policy || strncmp("yes", conf_get_str("General",
+-	    "Use-Keynote"), 3)) {
++	} else if (
++#ifdef USE_POLICY
++	    ignore_policy ||
++#endif
++	    strncmp("yes", conf_get_str("General", "Use-Keynote"), 3)) {
+ 		log_print("responder_recv_HASH_SA_NONCE: peer proposed "
+ 		    "invalid phase 2 IDs: %s",
+ 		        (exchange->doi->decode_ids("initiator id %s, responder"

security/isakmpd/files/patch-isakmpd.c

@@ -0,0 +1,11 @@
+--- isakmpd.c	25 Jun 2004 20:25:34 -0000	1.67
++++ isakmpd.c	7 Dec 2004 19:41:01 -0000
+@@ -386,7 +386,7 @@
+ 		if (fcntl(n, F_GETFL, 0) == -1 && errno == EBADF)
+ 			(void) open("/dev/null", n ? O_WRONLY : O_RDONLY, 0);
+ 
+-	for (n = 1; n < _NSIG; n++)
++	for (n = 1; n < NSIG; n++)
+ 		signal(n, SIG_DFL);
+ 
+ 	/* Log cmd line parsing and initialization errors to stderr.  */

security/isakmpd/files/patch-sa.c

@@ -1,25 +1,31 @@
---- sa.c.orig	Wed Nov 13 04:31:38 2002
-+++ sa.c	Sat Feb  8 12:04:21 2003
-@@ -440,6 +440,6 @@
-   LOG_DBG ((cls, level, "%s: msgid %08x refcnt %d", header,
- 	    decode_32 (sa->message_id), sa->refcnt));
--  LOG_DBG ((cls, level, "%s: life secs %llu kb %llu", header, sa->seconds,
+--- sa.c.orig	Tue Aug 10 17:59:10 2004
++++ sa.c	Sun Dec 12 02:40:45 2004
+@@ -427,8 +427,8 @@
+ 	    decode_32(sa->cookies + 8), decode_32(sa->cookies + 12)));
+ 	LOG_DBG((cls, level, "%s: msgid %08x refcnt %d", header,
+ 	    decode_32(sa->message_id), sa->refcnt));
+-	LOG_DBG((cls, level, "%s: life secs %llu kb %llu", header, sa->seconds,
 -	    sa->kilobytes));
-+  LOG_DBG ((cls, level, "%s: life secs %llu kb %llu", header, (long long unsigned) sa->seconds,
++	LOG_DBG((cls, level, "%s: life secs %llu kb %llu", header, (long long unsigned) sa->seconds,
 +	    (long long unsigned) sa->kilobytes));
-   for (proto = TAILQ_FIRST (&sa->protos); proto;
-        proto = TAILQ_NEXT (proto, link))
-@@ -1040,5 +1040,5 @@
-       LOG_DBG ((LOG_TIMER, 95,
- 		"sa_setup_expirations: SA %p soft timeout in %llu seconds",
--		sa, seconds));
-+		sa, (long long unsigned) seconds));
-       expiration.tv_sec += seconds;
-       sa->soft_death
-@@ -1058,5 +1058,5 @@
-       LOG_DBG ((LOG_TIMER, 95,
- 		"sa_setup_expirations: SA %p hard timeout in %llu seconds",
--		sa, sa->seconds));
-+		sa, (long long unsigned) sa->seconds));
-       expiration.tv_sec += sa->seconds;
-       sa->death
+ 	for (proto = TAILQ_FIRST(&sa->protos); proto;
+ 	    proto = TAILQ_NEXT(proto, link)) {
+ 		LOG_DBG((cls, level, "%s: suite %d proto %d", header,
+@@ -1217,7 +1217,7 @@
+ 		seconds = sa->seconds * (850 + sysdep_random() % 100) / 1000;
+ 		LOG_DBG((LOG_TIMER, 95,
+ 		    "sa_setup_expirations: SA %p soft timeout in %llu seconds",
+-		    sa, seconds));
++		    sa, (long long unsigned) seconds));
+ 		expiration.tv_sec += seconds;
+ 		sa->soft_death = timer_add_event("sa_soft_expire",
+ 		    sa_soft_expire, sa, &expiration);
+@@ -1232,7 +1232,7 @@
+ 		gettimeofday(&expiration, 0);
+ 		LOG_DBG((LOG_TIMER, 95,
+ 		    "sa_setup_expirations: SA %p hard timeout in %llu seconds",
+-		    sa, sa->seconds));
++		    sa, (long long unsigned) sa->seconds));
+ 		expiration.tv_sec += sa->seconds;
+ 		sa->death = timer_add_event("sa_hard_expire", sa_hard_expire,
+ 		    sa, &expiration);

security/isakmpd/pkg-descr

@@ -1,15 +1,5 @@
 This is isakmpd, a BSD-licensed ISAKMP/Oakley (a.k.a. IKE)
 implementation.  It's written by Niklas Hallqvist and Niels Provos,
-funded by Ericsson Radio Systems AB.  Currently it is work in
-progress, although it can be used for real setups.  There are
-releases, but this distribution is not a release and is not named with
-ordinary version numbers.  When you got the source, hopefully the
-archive was named with a date which reflects when it was created.
-These archives are also known as snapshots and will be created at
-irregular intervals and put up on ftp.gsnig.net and ftp.appli.se in
-/pub/isakmpd.  From Nov 14, 1998 isakmpd is also available in the
-OpenBSD main source tree under src/sbin/isakmpd, though slightly
-modified because I don't want to carry support files for other OSes in
-that distribution.
+funded by Ericsson Radio Systems AB.
 
 WWW: http://www.openbsd.org/