diff --git a/security/Makefile b/security/Makefile index 25771d6fb0e3..62ee41217b9f 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1258,6 +1258,7 @@ SUBDIR += snuffleupagus SUBDIR += softether SUBDIR += softether-devel + SUBDIR += softether5 SUBDIR += softhsm SUBDIR += softhsm2 SUBDIR += sops diff --git a/security/softether-devel/Makefile b/security/softether-devel/Makefile index ce9c484df1ec..6013e42fe441 100644 --- a/security/softether-devel/Makefile +++ b/security/softether-devel/Makefile @@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK UNLOCK_DESC= Unlock regional lockout (JP and CN) UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions -CONFLICTS_INSTALL= softether +CONFLICTS_INSTALL= softether-4.* softether5 PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT LOGDIR?= /var/log/softether diff --git a/security/softether/Makefile b/security/softether/Makefile index 7af712102af2..ec7510f91a3a 100644 --- a/security/softether/Makefile +++ b/security/softether/Makefile @@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK UNLOCK_DESC= Unlock regional lockout (JP and CN) UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions -CONFLICTS_INSTALL= softether-devel +CONFLICTS_INSTALL= softether-devel-4.* softether5 PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT LOGDIR?= /var/log/softether diff --git a/security/softether5/Makefile b/security/softether5/Makefile new file mode 100644 index 000000000000..6a510f552f2b --- /dev/null +++ b/security/softether5/Makefile 
@@ -0,0 +1,109 @@
+# $FreeBSD$
+
+PORTNAME= softether
+DISTVERSION= 5.01.9669
+CATEGORIES= security
+PKGNAMESUFFIX= 5
+
+MAINTAINER= meta@FreeBSD.org
+COMMENT= SoftEther VPN 5 (Developer Edition)
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${LOCALBASE}/include/cpu_features_macros.h:devel/cpu_features
+
+USES+= cmake:noninja dos2unix iconv:wchar_t localbase:ldflags ncurses readline ssl
+USE_RC_SUBR= softether_bridge softether_client softether_server
+USE_LDCONFIG= yes
+USE_GITHUB= yes
+
+DOS2UNIX_GLOB= *.h *.c
+
+GH_ACCOUNT= SoftEtherVPN
+GH_PROJECT= SoftEtherVPN
+
+OPTIONS_DEFINE= DOCS UNLOCK
+
+# Use of some functions in Japan and China is restricted.
+# This option Unlocks regional lockout following functions:
+# - RADIUS / NT Domain user authentication function
+# - RSA certificate user authentication function
+# - Deep-inspect packet logging function
+# - Source IP address control list function
+# - syslog transfer function
+UNLOCK_DESC= Unlock regional lockout (JP and CN)
+UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions
+
+PORTDOCS= DISCLAIMER.md WARNING.TXT
+CONFLICTS_INSTALL= softether-4.[0-9]* softether-devel-4.[0-9]*
+
+SE_DBDIR?= /var/db/${PORTNAME}
+SE_LOGDIR?= /var/log/${PORTNAME}
+PLIST_SUB= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_LIST= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_FILES= pkg-message
+
+.include
+
+pre-configure:
+ # not a GNU configure
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./configure
+
+post-patch:
+ # SoftEther scatters logs, config files and PID files in PREFIX/libexec
+ # directory. To write them in the right place, replace it.
+ ${REINPLACE_CMD} \
+ -e "s|@vpn_server_template|${SE_DBDIR}/vpn_server_template|" \
+ -e "s|@vpn_server|${SE_DBDIR}/vpn_server|" \
+ -e "s|@vpn_bridge|${SE_DBDIR}/vpn_bridge|" \
+ -e "s|@vpn_gate_svc|${SE_DBDIR}/vpn_gate_svc|" \
+ -e "s|@vpn_gate_relay|${SE_DBDIR}/vpn_gate_relay|" \
+ ${WRKSRC}/src/Cedar/Server.c
+
+ ${REINPLACE_CMD} \
+ -e "s|@adminip|${SE_DBDIR}/adminip|" \
+ -e "s|@etherlogger|${SE_DBDIR}/etherlogger|" \
+ -e "s|@vpn_client|${SE_DBDIR}/vpn_client|" \
+ -e "s|@vpn_router|${SE_DBDIR}/vpn_router|" \
+ -e "s|@custom|${SE_DBDIR}/custom|" \
+ -e "s|@backup|${SE_DBDIR}/backup|" \
+ -e "s|@save_binary|${SE_DBDIR}/save_binary|" \
+ -e "s|@lang|${SE_DBDIR}/lang|" \
+ -e "s|@azureserver|${SE_DBDIR}/azureserver|" \
+ -e "s|@server_log|${DIR}/server|" \
+ -e "s|@security_log|${SE_LOGDIR}/security|" \
+ -e "s|@packet_log|${SE_LOGDIR}/packet|" \
+ -e "s|@secure_nat_log|${SE_LOGDIR}/secure_nat|" \
+ -e "s|@client_log|${SE_LOGDIR}/client|" \
+ -e "s|@tiny_log|${SE_LOGDIR}/tiny|" \
+ -e "s|@carrier_log|${SE_LOGDIR}/carrier|" \
+ -e "s|@etherlogger_log|${SE_LOGDIR}/etherlogger|" \
+ ${WRKSRC}/src/Cedar/Cedar.h \
+ ${WRKSRC}/src/Cedar/Client.h \
+ ${WRKSRC}/src/Cedar/Nat.h \
+ ${WRKSRC}/src/Cedar/Server.c \
+ ${WRKSRC}/src/Mayaqua/Cfg.c \
+ ${WRKSRC}/src/Mayaqua/Cfg.h \
+ ${WRKSRC}/src/Mayaqua/Table.h
+
+ ${REINPLACE_CMD} \
+ -e "s|abort_error_log\.txt|${SE_LOGDIR}/abort_error_log.txt|" \
+ ${WRKSRC}/src/Mayaqua/Kernel.c
+
+ ${REINPLACE_CMD} \
+ -e "s|%%SE_DBDIR%%|${SE_DBDIR}|g" \
+ ${WRKSRC}/src/Cedar/Protocol.c \
+ ${WRKSRC}/src/Mayaqua/Unix.c \
+ ${WRKSRC}/src/Mayaqua/Network.c
+
+post-install:
+ @${MKDIR} ${STAGEDIR}${SE_LOGDIR} ${STAGEDIR}${SE_DBDIR}
+
+post-install-DOCS-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+.for doc in ${PORTDOCS}
+ ${FIND} ${WRKSRC} -name ${doc} -exec ${INSTALL_DATA} {} ${STAGEDIR}${DOCSDIR} \;
+.endfor
+
+.include
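Review bot: The `@server_log` expression in the second `${REINPLACE_CMD}` block of `post-patch` expands `${DIR}`, which this Makefile never defines, so the server log path would be rewritten to `/server` at the filesystem root instead of the packaged log directory; the line should read `-e "s|@server_log|${SE_LOGDIR}/server|" \`. In the same block `s|@etherlogger|` precedes `s|@etherlogger_log|`, so wherever the sources contain `@etherlogger_log` the shorter expression will presumably match first and send that path to `${SE_DBDIR}/etherlogger_log`; listing the `_log` expressions before the shorter names, as the first block already does for `@vpn_server_template`, avoids that. A short comment above the block saying that longer tokens must come first would keep the ordering from regressing.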
diff --git a/security/softether5/distinfo b/security/softether5/distinfo
new file mode 100644
index 000000000000..85013d26b6f4
--- /dev/null
+++ b/security/softether5/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1549591284
+SHA256 (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = e40597094bd551767043fd5a8553ca03bfb5ab3938ea2523414d03b1bb7fddd5
+SIZE (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = 65709105
diff --git a/security/softether5/files/extra-patch-unrestrict-enterprise-functions b/security/softether5/files/extra-patch-unrestrict-enterprise-functions
new file mode 100644
index 000000000000..780bbe10f8bd
--- /dev/null
+++ b/security/softether5/files/extra-patch-unrestrict-enterprise-functions
@@ -0,0 +1,27 @@
+--- src/Cedar/Server.c.orig 2019-02-04 04:43:50.000000000 +0900
++++ src/Cedar/Server.c 2019-02-15 17:50:18.825945000 +0900
+@@ -10566,23 +10566,7 @@
+ //
+ bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c)
+ {
+- char region[128];
+- bool ret = false;
+- // Validate arguments
+- if (c == NULL)
+- {
+- return false;
+- }
+-
+-
+- SiGetCurrentRegion(c, region, sizeof(region));
+-
+- if (StrCmpi(region, "JP") == 0 || StrCmpi(region, "CN") == 0)
+- {
+- ret = true;
+- }
+-
+- return ret;
++ return false;
+ }
+
+ // Update the current region
diff --git a/security/softether5/files/patch-chain-certs-dir b/security/softether5/files/patch-chain-certs-dir
new file mode 100644
index 000000000000..886d7773f674
--- /dev/null
+++ b/security/softether5/files/patch-chain-certs-dir
@@ -0,0 +1,31 @@
+--- src/Cedar/Protocol.c.orig 2019-02-03 19:43:50 UTC
++++ src/Cedar/Protocol.c
+@@ -58,7 +58,7 @@ bool TryGetRootCertChain(LIST *o, X *x, bool auto_save
+ wchar_t exedir[MAX_SIZE];
+
+ GetExeDirW(exedir, sizeof(exedir));
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+ MakeDirExW(dirname);
+
+ if (auto_save)
+@@ -365,7 +365,7 @@ void AddAllChainCertsToCertList(LIST *o)
+
+ GetExeDirW(exedir, sizeof(exedir));
+
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+
+ MakeDirExW(dirname);
+
+--- src/Mayaqua/Network.c.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Network.c
+@@ -11520,7 +11520,7 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx
+
+ GetExeDirW(exedir, sizeof(exedir));
+
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+
+ MakeDirExW(dirname);
+
diff --git a/security/softether5/files/patch-piddir b/security/softether5/files/patch-piddir
new file mode 100644
index 000000000000..b91b81fe27b3
--- /dev/null
+++ b/security/softether5/files/patch-piddir
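Review bot: The three rewritten `CombinePathW` calls pass the literal `L"/var/db/softether"`, while the port Makefile makes that directory configurable through `SE_DBDIR` and runs a `s|%%SE_DBDIR%%|${SE_DBDIR}|g` pass over Protocol.c, Network.c and Unix.c that will find nothing to replace. Writing `L"%%SE_DBDIR%%"` here, and `"%%SE_DBDIR%%/.%s"`, `"%%SE_DBDIR%%/.pid_%s"` and `"%%SE_DBDIR%%/.ctl_%s"` in the `Format` calls of patch-piddir, would keep the certificate, PID and control-file locations in step with the directory the package registers. Judging by the function names, certificates found in `chain_certs` are added to the trusted chain, so the directory `MakeDirExW` creates should be writable by root only; the mode it is created with is not visible in these hunks. `exedir` is still filled by `GetExeDirW` but looks unused after the change, and each function body continues outside its hunk.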
@@ -0,0 +1,29 @@
+--- src/Mayaqua/Unix.c.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Unix.c
+@@ -774,7 +774,7 @@ void *UnixNewSingleInstance(char *instance_name)
+ GetExeDir(dir, sizeof(dir));
+
+ // File name generation
+- Format(name, sizeof(name), "%s/.%s", dir, tmp);
++ Format(name, sizeof(name), "/var/db/softether/.%s", tmp);
+
+ fd = open(name, O_WRONLY);
+ if (fd == -1)
+@@ -2194,7 +2194,7 @@ void UnixGenPidFileName(char *name, UINT size)
+ Md5(hash, exe_name, StrLen(exe_name));
+ BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+
+- Format(name, size, "%s/.pid_%s", dir, tmp1);
++ Format(name, size, "/var/db/softether/.pid_%s", tmp1);
+ }
+
+ // Delete the PID file
+@@ -2239,7 +2239,7 @@ void UnixGenCtlFileName(char *name, UINT size)
+ Md5(hash, exe_name, StrLen(exe_name));
+ BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+
+- Format(name, size, "%s/.ctl_%s", dir, tmp1);
++ Format(name, size, "/var/db/softether/.ctl_%s", tmp1);
+ }
+
+ // Write the CTL file
diff --git a/security/softether5/files/patch-use-system-cpu_features b/security/softether5/files/patch-use-system-cpu_features
new file mode 100644
index 000000000000..7f03d39f89c3
--- /dev/null
+++ b/security/softether5/files/patch-use-system-cpu_features
@@ -0,0 +1,18 @@
+--- src/Mayaqua/CMakeLists.txt.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/CMakeLists.txt
+@@ -63,14 +63,10 @@ if(UNIX)
+
+ find_library(LIB_RT rt)
+
+- target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB)
++ target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB cpu_features)
+
+ if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV)
+ add_definitions(-DSKIP_CPU_FEATURES)
+- else()
+- add_subdirectory(3rdparty/cpu_features)
+- set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
+- target_link_libraries(mayaqua PRIVATE cpu_features)
+ endif()
+
+ if(LIB_RT)
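Review bot: `cpu_features` is now on the unconditional `target_link_libraries` line, yet the branch that defines `SKIP_CPU_FEATURES` for armv7l, aarch64, s390x or `NOT HAVE_SYS_AUXV` is kept, so those builds link a library the code is told not to use. Keeping the link in the `else()` arm, i.e. `else()` followed by `target_link_libraries(mayaqua PRIVATE cpu_features)`, drops the bundled copy without changing which configurations link it. The port lists devel/cpu_features only under `BUILD_DEPENDS`; if that port installs a shared library rather than a static one, a `LIB_DEPENDS` entry is needed so the installed binaries can resolve it at run time. The `if(UNIX)` block continues outside the hunk.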
diff --git a/security/softether5/files/pkg-message.in b/security/softether5/files/pkg-message.in
new file mode 100644
index 000000000000..29299ccca65f
--- /dev/null
+++ b/security/softether5/files/pkg-message.in
@@ -0,0 +1,24 @@
+**************************************************************************
+
+To run softether vpn client from startup, run
+sysrc softether_client_enable=yes
+
+To run softether vpn server from startup, run
+sysrc softether_server_enable=yes
+
+To run softether vpn bridge from startup, run
+sysrc softether_bridge_enable=yes
+
+Initial and further configuration of all softether services can be
+done either by using a Windows client to connect to the running
+services or by vpncmd from command line.
+
+Please note client and bridge functionality is not fully
+supported on FreeBSD right now.
+
+When removing SoftEther VPN without the desire to reinstall, please
+ensure to remove the following dirctories as well:
+- %%SE_DBDIR%%
+- %%SE_LOGDIR%%
+
+**************************************************************************
diff --git a/security/softether5/files/softether_bridge.in b/security/softether5/files/softether_bridge.in
new file mode 100644
index 000000000000..7080fe33b4ab
--- /dev/null
+++ b/security/softether5/files/softether_bridge.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_bridge
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_bridge:
+# softether_bridge_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_bridge
+rcvar=softether_bridge_enable
+load_rc_config ${name}
+
+: ${softether_bridge_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnbridge/vpnbridge"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_bridge_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/softether5/files/softether_client.in b/security/softether5/files/softether_client.in
new file mode 100644
index 000000000000..b9dc04eceef4
--- /dev/null
+++ b/security/softether5/files/softether_client.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_client
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_client:
+# softether_client_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_client
+rcvar=softether_client_enable
+load_rc_config ${name}
+
+: ${softether_client_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnclient/vpnclient"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_client_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/softether5/files/softether_server.in b/security/softether5/files/softether_server.in
new file mode 100644
index 000000000000..6485a3e4e41a
--- /dev/null
+++ b/security/softether5/files/softether_server.in
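Review bot: `datadir` is hard-coded to `/var/db/softether` although the port passes `SE_DBDIR` through `SUB_LIST`, so building with a non-default `SE_DBDIR` leaves the rc script creating a different directory from the one pkg-plist registers; `datadir="%%SE_DBDIR%%"` keeps them in step. In `softether_bridge_precmd` the `mkdir -p ${datadir}` is unquoted and takes its mode from the umask in effect; the directory presumably holds the VPN configuration and key material, so something like `install -d -m 0700 "${datadir}"` is the safer form, with the mode adjusted to what the daemons actually need. The same two lines appear in softether_client.in and softether_server.in.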
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_server
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_server:
+# softether_server_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_server
+rcvar=softether_server_enable
+load_rc_config ${name}
+
+: ${softether_server_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnserver/vpnserver"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_server_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/softether5/pkg-descr b/security/softether5/pkg-descr
new file mode 100644
index 000000000000..532d0ff89a71
--- /dev/null
+++ b/security/softether5/pkg-descr
@@ -0,0 +1,18 @@
+SoftEther VPN ("SoftEther" means "Software Ethernet") is an
+open-source cross-platform multi-protocol VPN program, created as an
+academic project in the University of Tsukuba. Its protocol is very
+fast and it can be used in very restricted environments, as it's able
+to transfer packets over DNS and ICMP. A NAT-Traversal function is
+also available, very useful in case the required ports cannot be
+opened on the firewall. The supported third party protocols are
+OpenVPN, L2TP/IPSec and SSTP.
+
+This port is a bleeding-edge developer version of SoftEther, not for
+production use. If you're looking for a solid and stable version,
+use security/softether (RTM version) or security/softether-devel
+(stable version) instead. This version is available also on other
+other than i386/amd64 processors. Users who want to use SoftEther on
+single board computers such as Raspberry Pi, BeagleBoard or other
+embedded devices, try this port.
+
+WWW: https://www.softether.org
diff --git a/security/softether5/pkg-plist b/security/softether5/pkg-plist
new file mode 100644
index 000000000000..36b48fa5a1c2
--- /dev/null
+++ b/security/softether5/pkg-plist
@@ -0,0 +1,20 @@
+bin/vpnbridge
+bin/vpnclient
+bin/vpncmd
+bin/vpnserver
+lib/libcedar.so
+lib/libmayaqua.so
+libexec/softether/vpnbridge/hamcore.se2
+libexec/softether/vpnbridge/vpnbridge
+libexec/softether/vpnclient/hamcore.se2
+libexec/softether/vpnclient/vpnclient
+libexec/softether/vpncmd/hamcore.se2
+libexec/softether/vpncmd/vpncmd
+libexec/softether/vpnserver/hamcore.se2
+libexec/softether/vpnserver/vpnserver
+@dir libexec/softether/vpnbridge
+@dir libexec/softether/vpnclient
+@dir libexec/softether/vpncmd
+@dir libexec/softether/vpnserver
+@dir %%SE_DBDIR%%
+@dir %%SE_LOGDIR%%