security/ipsec-tools: fix build for FreeBSD 15

FreeBSD 15.0 got some incompatible changes to the header
/usr/include/netipsec/ipsec.h breaking build of this legacy code
due to added "const".

Fix it providing some patches that do not change the behavior.
While here, suppress some warnings that pollute build log
using modern Clang.

This fixes build, so PORTREVISION not bumped.

5 files changed, 80 insertions, 1 deletions

diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
index 8ba6e0d49df7..4f33c3990565 100644
--- a/security/ipsec-tools/Makefile
+++ b/security/ipsec-tools/Makefile
@@ -10,7 +10,7 @@ WWW=		http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon
 
 LICENSE=	BSD3CLAUSE
 
-USES=		cpe libtool tar:bzip2 ssl
+USES=		compiler cpe libtool tar:bzip2 ssl
 
 CONFLICTS=	racoon
 INSTALL_TARGET=	install-strip
@@ -71,6 +71,11 @@ WCPSKEY_EXTRA_PATCHES=	${FILESDIR}/wildcard-psk.diff ${FILESDIR}/wildcard-psk-oa
 
 .include <bsd.port.pre.mk>
 
+.if ${COMPILER_TYPE} == clang && ${COMPILER_VERSION} >= 190
+CFLAGS+=	-Wno-deprecated-declarations -Wno-deprecated-non-prototype \
+		-Wno-incompatible-pointer-types-discards-qualifiers
+.endif
+
 .if ${OPSYS} == FreeBSD
 REQUIREMOD?=	ipsec
 .endif
diff --git a/security/ipsec-tools/files/patch-ipsec_dump_policy.c b/security/ipsec-tools/files/patch-ipsec_dump_policy.c
new file mode 100644
index 000000000000..1f3ba06741d2
--- /dev/null
+++ b/security/ipsec-tools/files/patch-ipsec_dump_policy.c
@@ -0,0 +1,13 @@
+--- src/libipsec/ipsec_dump_policy.c.orig	2010-12-03 21:01:11.000000000 +0600
++++ src/libipsec/ipsec_dump_policy.c	2025-02-09 15:01:50.443167000 +0700
+@@ -77,8 +77,8 @@ ipsec_dump_policy(policy, delimiter)
+  */
+ char *
+ ipsec_dump_policy(policy, delimiter)
+-	ipsec_policy_t policy;
+-	__ipsec_const char *delimiter;
++	c_ipsec_policy_t policy;
++	__ipsec_nconst char *delimiter;
+ {
+ 	return ipsec_dump_policy1(policy, delimiter, 0);
+ }
diff --git a/security/ipsec-tools/files/patch-ipsec_get_policylen.c b/security/ipsec-tools/files/patch-ipsec_get_policylen.c
new file mode 100644
index 000000000000..206a6f6e625d
--- /dev/null
+++ b/security/ipsec-tools/files/patch-ipsec_get_policylen.c
@@ -0,0 +1,11 @@
+--- src/libipsec/ipsec_get_policylen.c.orig	2007-07-18 12:07:50.000000000 +0000
++++ src/libipsec/ipsec_get_policylen.c	2025-02-09 07:40:22.545915000 +0000
+@@ -48,7 +48,7 @@
+ 
+ int
+ ipsec_get_policylen(policy)
+-	ipsec_policy_t policy;
++	c_ipsec_policy_t policy;
+ {
+ 	return policy ? PFKEY_EXTLEN(policy) : -1;
+ }
diff --git a/security/ipsec-tools/files/patch-libpfkey.h b/security/ipsec-tools/files/patch-libpfkey.h
new file mode 100644
index 000000000000..52835c1b2cdd
--- /dev/null
+++ b/security/ipsec-tools/files/patch-libpfkey.h
@@ -0,0 +1,39 @@
+--- src/libipsec/libpfkey.h.orig	2012-08-23 18:10:45.000000000 +0700
++++ src/libipsec/libpfkey.h	2025-02-09 14:39:31.913248000 +0700
+@@ -34,6 +34,8 @@
+ #ifndef _LIBPFKEY_H
+ #define _LIBPFKEY_H
+ 
++#include <sys/param.h>
++
+ #ifndef KAME_LIBPFKEY_H
+ #define KAME_LIBPFKEY_H
+ 
+@@ -64,6 +66,14 @@
+ #define __ipsec_const const
+ #endif
+ 
++#if __FreeBSD_version >= 1500019
++typedef c_caddr_t c_ipsec_policy_t;
++#define __ipsec_nconst const
++#else
++typedef caddr_t c_ipsec_policy_t;
++#define __ipsec_nconst
++#endif
++
+ struct pfkey_send_sa_args {
+ 	int 		so;			/* socket */
+ 	u_int		type;			
+@@ -107,9 +117,9 @@
+ void ipsec_hexdump __P((const void *, int));
+ const char *ipsec_strerror __P((void));
+ void kdebug_sadb __P((struct sadb_msg *));
+-ipsec_policy_t ipsec_set_policy __P((__ipsec_const char *, int));
+-int  ipsec_get_policylen __P((ipsec_policy_t));
+-char *ipsec_dump_policy __P((ipsec_policy_t, __ipsec_const char *));
++ipsec_policy_t ipsec_set_policy __P((__ipsec_nconst char *, int));
++int  ipsec_get_policylen __P((c_ipsec_policy_t));
++char *ipsec_dump_policy __P((c_ipsec_policy_t, __ipsec_nconst char *));
+ 
+ /* PFKey Routines */
+ 
diff --git a/security/ipsec-tools/files/patch-policy_parse.c b/security/ipsec-tools/files/patch-policy_parse.c
new file mode 100644
index 000000000000..9382e7048f37
--- /dev/null
+++ b/security/ipsec-tools/files/patch-policy_parse.c
@@ -0,0 +1,11 @@
+--- src/libipsec/policy_parse.c.orig	2012-08-23 11:12:33.000000000 +0000
++++ src/libipsec/policy_parse.c	2025-02-09 07:02:38.738230000 +0000
+@@ -2262,7 +2262,7 @@ ipsec_set_policy(msg, msglen)
+ 
+ ipsec_policy_t
+ ipsec_set_policy(msg, msglen)
+-	__ipsec_const char *msg;
++	__ipsec_nconst char *msg;
+ 	int msglen;
+ {
+ 	caddr_t policy;