New port: security/softether5: SoftEther VPN 5 (Developer Edition)

SoftEther VPN ("SoftEther" means "Software Ethernet") is an
open-source cross-platform multi-protocol VPN program, created as an
academic project in the University of Tsukuba.  Its protocol is very
fast and it can be used in very restricted environments, as it's able
to transfer packets over DNS and ICMP.  A NAT-Traversal function is
also available, very useful in case the required ports cannot be
opened on the firewall.  The supported third party protocols are
OpenVPN, L2TP/IPSec and SSTP.

This port is a bleeding-edge developer version of SoftEther, not for
production use.  If you're looking for a solid and stable version,
use security/softether (RTM version) or security/softether-devel
(stable version) instead.  This version is available also on other
other than i386/amd64 processors. Users who want to use SoftEther on
single board computers such as Raspberry Pi, BeagleBoard or other
embedded devices, try this port.

WWW: https://www.softether.org

security/Makefile

@@ -1258,6 +1258,7 @@
     SUBDIR += snuffleupagus
     SUBDIR += softether
     SUBDIR += softether-devel
+    SUBDIR += softether5
     SUBDIR += softhsm
     SUBDIR += softhsm2
     SUBDIR += sops

security/softether-devel/Makefile

@@ -36,7 +36,7 @@ OPTIONS_DEFINE=	DOCS UNLOCK
 UNLOCK_DESC=	Unlock regional lockout (JP and CN)
 UNLOCK_EXTRA_PATCHES=	${FILESDIR}/extra-patch-unrestrict-enterprise-functions
 
-CONFLICTS_INSTALL=	softether
+CONFLICTS_INSTALL=	softether-4.* softether5
 PORTDOCS=	AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT
 
 LOGDIR?=	/var/log/softether

security/softether/Makefile

@@ -36,7 +36,7 @@ OPTIONS_DEFINE=	DOCS UNLOCK
 UNLOCK_DESC=	Unlock regional lockout (JP and CN)
 UNLOCK_EXTRA_PATCHES=	${FILESDIR}/extra-patch-unrestrict-enterprise-functions
 
-CONFLICTS_INSTALL=	softether-devel
+CONFLICTS_INSTALL=	softether-devel-4.* softether5
 PORTDOCS=	AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT
 
 LOGDIR?=	/var/log/softether

security/softether5/Makefile

@@ -0,0 +1,109 @@
+# $FreeBSD$
+
+PORTNAME=	softether
+DISTVERSION=	5.01.9669
+CATEGORIES=	security
+PKGNAMESUFFIX=	5
+
+MAINTAINER=	meta@FreeBSD.org
+COMMENT=	SoftEther VPN 5 (Developer Edition)
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${LOCALBASE}/include/cpu_features_macros.h:devel/cpu_features
+
+USES+=		cmake:noninja dos2unix iconv:wchar_t localbase:ldflags ncurses readline ssl
+USE_RC_SUBR=	softether_bridge softether_client softether_server
+USE_LDCONFIG=	yes
+USE_GITHUB=	yes
+
+DOS2UNIX_GLOB=	*.h *.c
+
+GH_ACCOUNT=	SoftEtherVPN
+GH_PROJECT=	SoftEtherVPN
+
+OPTIONS_DEFINE=	DOCS UNLOCK
+
+# Use of some functions in Japan and China is restricted.
+# This option Unlocks regional lockout following functions:
+#  - RADIUS / NT Domain user authentication function
+#  - RSA certificate user authentication function
+#  - Deep-inspect packet logging function
+#  - Source IP address control list function
+#  - syslog transfer function
+UNLOCK_DESC=	Unlock regional lockout (JP and CN)
+UNLOCK_EXTRA_PATCHES=	${FILESDIR}/extra-patch-unrestrict-enterprise-functions
+
+PORTDOCS=	DISCLAIMER.md WARNING.TXT
+CONFLICTS_INSTALL=	softether-4.[0-9]* softether-devel-4.[0-9]*
+
+SE_DBDIR?=	/var/db/${PORTNAME}
+SE_LOGDIR?=	/var/log/${PORTNAME}
+PLIST_SUB=	SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_LIST=	SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_FILES=	pkg-message
+
+.include <bsd.port.options.mk>
+
+pre-configure:
+	# not a GNU configure
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./configure
+
+post-patch:
+	# SoftEther scatters logs, config files and PID files in PREFIX/libexec
+	# directory. To write them in the right place, replace it.
+	${REINPLACE_CMD} \
+		-e "s|@vpn_server_template|${SE_DBDIR}/vpn_server_template|" \
+		-e "s|@vpn_server|${SE_DBDIR}/vpn_server|" \
+		-e "s|@vpn_bridge|${SE_DBDIR}/vpn_bridge|" \
+		-e "s|@vpn_gate_svc|${SE_DBDIR}/vpn_gate_svc|" \
+		-e "s|@vpn_gate_relay|${SE_DBDIR}/vpn_gate_relay|" \
+		${WRKSRC}/src/Cedar/Server.c
+
+	${REINPLACE_CMD} \
+		-e "s|@adminip|${SE_DBDIR}/adminip|" \
+		-e "s|@etherlogger|${SE_DBDIR}/etherlogger|" \
+		-e "s|@vpn_client|${SE_DBDIR}/vpn_client|" \
+		-e "s|@vpn_router|${SE_DBDIR}/vpn_router|" \
+		-e "s|@custom|${SE_DBDIR}/custom|" \
+		-e "s|@backup|${SE_DBDIR}/backup|" \
+		-e "s|@save_binary|${SE_DBDIR}/save_binary|" \
+		-e "s|@lang|${SE_DBDIR}/lang|" \
+		-e "s|@azureserver|${SE_DBDIR}/azureserver|" \
+		-e "s|@server_log|${DIR}/server|" \
+		-e "s|@security_log|${SE_LOGDIR}/security|" \
+		-e "s|@packet_log|${SE_LOGDIR}/packet|" \
+		-e "s|@secure_nat_log|${SE_LOGDIR}/secure_nat|" \
+		-e "s|@client_log|${SE_LOGDIR}/client|" \
+		-e "s|@tiny_log|${SE_LOGDIR}/tiny|" \
+		-e "s|@carrier_log|${SE_LOGDIR}/carrier|" \
+		-e "s|@etherlogger_log|${SE_LOGDIR}/etherlogger|" \
+		${WRKSRC}/src/Cedar/Cedar.h \
+		${WRKSRC}/src/Cedar/Client.h \
+		${WRKSRC}/src/Cedar/Nat.h \
+		${WRKSRC}/src/Cedar/Server.c \
+		${WRKSRC}/src/Mayaqua/Cfg.c \
+		${WRKSRC}/src/Mayaqua/Cfg.h \
+		${WRKSRC}/src/Mayaqua/Table.h
+
+	${REINPLACE_CMD} \
+		-e "s|abort_error_log\.txt|${SE_LOGDIR}/abort_error_log.txt|" \
+		${WRKSRC}/src/Mayaqua/Kernel.c
+
+	${REINPLACE_CMD} \
+		-e "s|%%SE_DBDIR%%|${SE_DBDIR}|g" \
+		${WRKSRC}/src/Cedar/Protocol.c \
+		${WRKSRC}/src/Mayaqua/Unix.c \
+		${WRKSRC}/src/Mayaqua/Network.c
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${SE_LOGDIR} ${STAGEDIR}${SE_DBDIR}
+
+post-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+.for doc in ${PORTDOCS}
+	${FIND} ${WRKSRC} -name ${doc} -exec ${INSTALL_DATA} {} ${STAGEDIR}${DOCSDIR} \;
+.endfor
+
+.include <bsd.port.mk>

security/softether5/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1549591284
+SHA256 (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = e40597094bd551767043fd5a8553ca03bfb5ab3938ea2523414d03b1bb7fddd5
+SIZE (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = 65709105

security/softether5/files/extra-patch-unrestrict-enterprise-functions

@@ -0,0 +1,27 @@
+--- src/Cedar/Server.c.orig	2019-02-04 04:43:50.000000000 +0900
++++ src/Cedar/Server.c	2019-02-15 17:50:18.825945000 +0900
+@@ -10566,23 +10566,7 @@
+ // 
+ bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c)
+ {
+-	char region[128];
+-	bool ret = false;
+-	// Validate arguments
+-	if (c == NULL)
+-	{
+-		return false;
+-	}
+-
+-
+-	SiGetCurrentRegion(c, region, sizeof(region));
+-
+-	if (StrCmpi(region, "JP") == 0 || StrCmpi(region, "CN") == 0)
+-	{
+-		ret = true;
+-	}
+-
+-	return ret;
++	return false;
+ }
+ 
+ // Update the current region

security/softether5/files/patch-chain-certs-dir

@@ -0,0 +1,31 @@
+--- src/Cedar/Protocol.c.orig	2019-02-03 19:43:50 UTC
++++ src/Cedar/Protocol.c
+@@ -58,7 +58,7 @@ bool TryGetRootCertChain(LIST *o, X *x, bool auto_save
+ 		wchar_t exedir[MAX_SIZE];
+ 
+ 		GetExeDirW(exedir, sizeof(exedir));
+-		CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++		CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+ 		MakeDirExW(dirname);
+ 
+ 		if (auto_save)
+@@ -365,7 +365,7 @@ void AddAllChainCertsToCertList(LIST *o)
+ 
+ 	GetExeDirW(exedir, sizeof(exedir));
+ 
+-	CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++	CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+ 
+ 	MakeDirExW(dirname);
+ 
+--- src/Mayaqua/Network.c.orig	2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Network.c
+@@ -11520,7 +11520,7 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx
+ 
+ 	GetExeDirW(exedir, sizeof(exedir));
+ 
+-	CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++	CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+ 
+ 	MakeDirExW(dirname);
+ 

security/softether5/files/patch-piddir

@@ -0,0 +1,29 @@
+--- src/Mayaqua/Unix.c.orig	2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Unix.c
+@@ -774,7 +774,7 @@ void *UnixNewSingleInstance(char *instance_name)
+ 	GetExeDir(dir, sizeof(dir));
+ 
+ 	// File name generation
+-	Format(name, sizeof(name), "%s/.%s", dir, tmp);
++	Format(name, sizeof(name), "/var/db/softether/.%s", tmp);
+ 
+ 	fd = open(name, O_WRONLY);
+ 	if (fd == -1)
+@@ -2194,7 +2194,7 @@ void UnixGenPidFileName(char *name, UINT size)
+ 	Md5(hash, exe_name, StrLen(exe_name));
+ 	BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+ 
+-	Format(name, size, "%s/.pid_%s", dir, tmp1);
++	Format(name, size, "/var/db/softether/.pid_%s", tmp1);
+ }
+ 
+ // Delete the PID file
+@@ -2239,7 +2239,7 @@ void UnixGenCtlFileName(char *name, UINT size)
+ 	Md5(hash, exe_name, StrLen(exe_name));
+ 	BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+ 
+-	Format(name, size, "%s/.ctl_%s", dir, tmp1);
++	Format(name, size, "/var/db/softether/.ctl_%s", tmp1);
+ }
+ 
+ // Write the CTL file

security/softether5/files/patch-use-system-cpu_features

@@ -0,0 +1,18 @@
+--- src/Mayaqua/CMakeLists.txt.orig	2019-02-03 19:43:50 UTC
++++ src/Mayaqua/CMakeLists.txt
+@@ -63,14 +63,10 @@ if(UNIX)
+ 
+   find_library(LIB_RT rt)
+ 
+-  target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB)
++  target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB cpu_features)
+ 
+   if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV)
+     add_definitions(-DSKIP_CPU_FEATURES)
+-  else()
+-    add_subdirectory(3rdparty/cpu_features)
+-    set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
+-    target_link_libraries(mayaqua PRIVATE cpu_features)
+   endif()
+ 
+   if(LIB_RT)

security/softether5/files/pkg-message.in

@@ -0,0 +1,24 @@
+**************************************************************************
+
+To run softether vpn client from startup, run
+sysrc softether_client_enable=yes
+
+To run softether vpn server from startup, run
+sysrc softether_server_enable=yes
+
+To run softether vpn bridge from startup, run
+sysrc softether_bridge_enable=yes
+
+Initial and further configuration of all softether services can be
+done either by using a Windows client to connect to the running
+services or by vpncmd from command line.
+
+Please note client and bridge functionality is not fully
+supported on FreeBSD right now.
+
+When removing SoftEther VPN without the desire to reinstall, please
+ensure to remove the following dirctories as well:
+- %%SE_DBDIR%%
+- %%SE_LOGDIR%%
+
+**************************************************************************

security/softether5/files/softether_bridge.in

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_bridge
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_bridge:
+# softether_bridge_enable (bool):  Set to "NO" by default.
+#                                  Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_bridge
+rcvar=softether_bridge_enable
+load_rc_config ${name}
+
+: ${softether_bridge_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnbridge/vpnbridge"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_bridge_precmd()
+{
+	if [ ! -d "${datadir}" ]; then
+	    mkdir -p ${datadir}
+	fi
+}
+
+run_rc_command "$1"

security/softether5/files/softether_client.in

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_client
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_client:
+# softether_client_enable (bool):  Set to "NO" by default.
+#                                  Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_client
+rcvar=softether_client_enable
+load_rc_config ${name}
+
+: ${softether_client_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnclient/vpnclient"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_client_precmd()
+{
+	if [ ! -d "${datadir}" ]; then
+	    mkdir -p ${datadir}
+	fi
+}
+
+run_rc_command "$1"

security/softether5/files/softether_server.in

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_server
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_server:
+# softether_server_enable (bool):  Set to "NO" by default.
+#                                  Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_server
+rcvar=softether_server_enable
+load_rc_config ${name}
+
+: ${softether_server_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnserver/vpnserver"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_server_precmd()
+{
+	if [ ! -d "${datadir}" ]; then
+	    mkdir -p ${datadir}
+	fi
+}
+
+run_rc_command "$1"

security/softether5/pkg-descr

@@ -0,0 +1,18 @@
+SoftEther VPN ("SoftEther" means "Software Ethernet") is an
+open-source cross-platform multi-protocol VPN program, created as an
+academic project in the University of Tsukuba.  Its protocol is very
+fast and it can be used in very restricted environments, as it's able
+to transfer packets over DNS and ICMP.  A NAT-Traversal function is
+also available, very useful in case the required ports cannot be
+opened on the firewall.  The supported third party protocols are
+OpenVPN, L2TP/IPSec and SSTP.
+
+This port is a bleeding-edge developer version of SoftEther, not for
+production use.  If you're looking for a solid and stable version,
+use security/softether (RTM version) or security/softether-devel
+(stable version) instead.  This version is available also on other
+other than i386/amd64 processors. Users who want to use SoftEther on
+single board computers such as Raspberry Pi, BeagleBoard or other
+embedded devices, try this port.
+
+WWW: https://www.softether.org

security/softether5/pkg-plist

@@ -0,0 +1,20 @@
+bin/vpnbridge
+bin/vpnclient
+bin/vpncmd
+bin/vpnserver
+lib/libcedar.so
+lib/libmayaqua.so
+libexec/softether/vpnbridge/hamcore.se2
+libexec/softether/vpnbridge/vpnbridge
+libexec/softether/vpnclient/hamcore.se2
+libexec/softether/vpnclient/vpnclient
+libexec/softether/vpncmd/hamcore.se2
+libexec/softether/vpncmd/vpncmd
+libexec/softether/vpnserver/hamcore.se2
+libexec/softether/vpnserver/vpnserver
+@dir libexec/softether/vpnbridge
+@dir libexec/softether/vpnclient
+@dir libexec/softether/vpncmd
+@dir libexec/softether/vpnserver
+@dir %%SE_DBDIR%%
+@dir %%SE_LOGDIR%%