From bz@zabbadoz.net  Mon Nov 13 18:36:23 2006
Return-Path: <bz@zabbadoz.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3990D16A407
	for <freebsd-gnats-submit@freebsd.org>; Mon, 13 Nov 2006 18:36:23 +0000 (UTC)
	(envelope-from bz@zabbadoz.net)
Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5ECEE44285
	for <freebsd-gnats-submit@freebsd.org>; Mon, 13 Nov 2006 18:30:18 +0000 (GMT)
	(envelope-from bz@zabbadoz.net)
Received: from transport.cksoft.de (localhost [127.0.0.1])
	by transport.cksoft.de (Postfix) with ESMTP id 582571FFD6A
	for <freebsd-gnats-submit@freebsd.org>; Mon, 13 Nov 2006 19:30:10 +0100 (CET)
Received: by transport.cksoft.de (Postfix, from userid 66)
	id 478BE1FFD1D; Mon, 13 Nov 2006 19:30:05 +0100 (CET)
Received: by mail.int.zabbadoz.net (Postfix, from userid 1060)
	id 327B3444892; Mon, 13 Nov 2006 18:29:00 +0000 (UTC)
Message-Id: <20061113182900.327B3444892@mail.int.zabbadoz.net>
Date: Mon, 13 Nov 2006 18:29:00 +0000 (UTC)
From: Bjoern A.Zeeb <bzeeb+freebsd+ports@zabbadoz.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Bjoern A.Zeeb <bzeeb+freebsd+ports@zabbadoz.net>
Subject: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched

>Number:         105488
>Category:       ports
>Synopsis:       [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 13 18:40:12 GMT 2006
>Closed-Date:    Mon Dec 04 10:25:14 GMT 2006
>Last-Modified:  Mon Dec  4 10:30:07 GMT 2006
>Originator:     Bjoern A. Zeeb
>Release:        FreeBSD 7.0-CURRENT i386
>Organization:
Zabbadoz.NeT
>Environment:
	CURRENT that needs updating

>Description:
	ipsec-tools has a make config option to enable NAT-T support
        or leave it disabled.
	To be able to compile in NAT-T support  patched header files have to
	be installed to the system the port is build on.
	People enabling NAT-T support but not having installed the patched
	header files do not get NAT-T support and only a single line
	output from configure/autotools tells you about this so it is
	unlikely that anyone will ever notice.
	Usually people install ipsec-tools and wonder why NAT-T support
	is not working. We have already seen those problems on freebsd-net@
	for example.

>How-To-Repeat:
	turn on option NATT in make config compiling on an unpatched
	base system and look at the configure output or try to use the
	package with a patched kernel. There is no error message though
	you said "I want this to be on".

>Fix:
	If NATT is enabled in make config tell gnu configure that we really
	want it and not only optionally want it so the port will fail to
	build if no patched header files are available.

Index: Makefile
===================================================================
RCS file: /local/mirror/FreeBSD/r/pcvs/ports/security/ipsec-tools/Makefile,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile
--- Makefile    16 Jun 2006 16:02:54 -0000      1.13
+++ Makefile    13 Nov 2006 14:12:50 -0000
@@ -89,7 +89,7 @@ CONFIGURE_ARGS+=      --disable-dpd
 .endif
 
 .ifdef(WITH_NATT)
-CONFIGURE_ARGS+=       --enable-natt=kernel
+CONFIGURE_ARGS+=       --enable-natt=yes
 .else
 CONFIGURE_ARGS+=       --disable-natt
 .endif

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon Nov 13 18:49:16 UTC 2006 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=105488 

From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com>
To: bug-followup@FreeBSD.org
Cc: "Bjoern A.Zeeb" <bzeeb+freebsd+ports@zabbadoz.net>
Subject: Re:  ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
Date: Wed, 15 Nov 2006 15:02:21 +0100

 --qMm9M+Fa2AknHoGS
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Mon, Nov 13, 2006 at 06:49:14PM +0000, Edwin Groothuis wrote:
 > Maintainer of security/ipsec-tools,
 >=20
 > Please note that PR ports/105488 has just been submitted.
 >=20
 > If it contains a patch for an upgrade, an enhancement or a bug fix
 > you agree on, reply to this email stating that you approve the patch
 > and a committer will take care of it.
 >=20
 > The full text of the PR can be found at:
 >     http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/105488
 >=20
 
 Hi.
 
 The main reason why I set up enable-natt=3Dkernel by default is to be
 the more transparent as possible.
 
 People who just don't know what is NAT-T won't care about it (and will
 automagically have it when the patch will be included in FreeBSD's
 CVS), and people who want it should have read the warning about
 needing a kernel patch.
 
 But if you know a way to have a more complex menu option, like
 "yes/no/force", or "yes/if supported/no", and report the option to
 configure (so the default will always be "if supported", but you can
 force to "yes" and have an error if includes don't support NAT-T), it
 would be an interesting patch to report.
 
 
 Yvan.
 
 --=20
 NETASQ
 http://www.netasq.com
 
 --qMm9M+Fa2AknHoGS
 Content-Type: application/x-pkcs7-signature
 Content-Disposition: attachment; filename="smime.p7s"
 Content-Transfer-Encoding: base64
 
 MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
 CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG
 EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV
 BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F
 VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx
 NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR
 IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE
 AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu
 ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT
 HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG
 9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7
 AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m
 SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI
 o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw
 ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE
 2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow
 GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu
 dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0
 aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC
 NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB
 BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS
 DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0
 YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j
 YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50
 cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv
 bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
 AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk
 VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF
 Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L
 84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh
 0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw
 ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO
 b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj
 dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
 b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV
 BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
 A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe
 TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr
 gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y
 wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk
 cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ
 zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB
 o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE
 2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
 hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp
 aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX
 MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ
 DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0
 ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x
 ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT
 EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg
 Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
 CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
 CSqGSIb3DQEJBTEPFw0wNjExMTUxNDAyMjFaMCMGCSqGSIb3DQEJBDEWBBQgzpwMZPMWOOFT
 m6wEzxmWj2Ca1zBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
 gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
 AASCAQAmQl6b1waixunM1DU1xI7vOMVyaEj7lMccJLAXVLTU465VWH/YRa9heRhg8MNclYNH
 5Ahy9B1h46jHxqW8u8DxaKl2oY2wHHU7LMgZyiTPJmCOIk+wvR90EVHGEuq3K7ow51qNMeGP
 y1RUk6lsi/I6yX1O4JQV+qxsfTGRkfCX3lZfAkpy0CiRigq9sy1JRPwPMrav2M8YGpX8f+6k
 kansl3EtVJZRcncvLXeQjjg7vOBzRvyKAH8yiNJenbhqiKZ5B6Uwe/L6qEnIy/2B8EwZQu73
 BmyBUV3u53Fe2GCkJ7CIex8Hmwwek4UnL+gNj6wBVgamrQspKAoz9K7lsQRY
 
 --qMm9M+Fa2AknHoGS--

From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/105488: [patch] security/ipsec-tools: NAT-T support silently
 ignored if header file unpatched
Date: Wed, 15 Nov 2006 21:27:52 +0000 (UTC)

 On Wed, 15 Nov 2006, VANHULLEBUS Yvan wrote:
 
 > People who just don't know what is NAT-T won't care about it (and will
 > automagically have it when the patch will be included in FreeBSD's
 > CVS), and people who want it should have read the warning about
 > needing a kernel patch.
 
 People who won't care don't need it and would leave it to default
 which is off anyway so that case does not matter.
 
 People who want it do not want it to be left out when they have to
 explicitly to turn it on. By turning it on they say "I want this"
 but do not say "I want this maybe". If they do a make package and
 deploy it and it turns out to not be in it might take them hours to
 figure out what went wrong.
 
 It's a YES/NO thing and no MAYBE. If you want a MAYBE do it for
 the default NO case but that will not permit people to leave it out
 when their system would have the header files that support it.
 
 So if you want a MAYBE do not provide an option but that will not
 allow the poeple to chose - that's what the options from make config
 are about.
 
 It's basically like a light switch: you can turn it on and there
 should be light (or something will be wrong and you want to know about
 that) or turn it off and light should be off (and not coincidentally
 stay on).
 
 -- 
 Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT

From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: bug-followup@FreeBSD.org
Subject: Re:  ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
Date: Thu, 16 Nov 2006 10:25:44 +0100

 --5mCyUwZo2JvN/JJP
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Wed, Nov 15, 2006 at 09:27:52PM +0000, Bjoern A. Zeeb wrote:
 > On Wed, 15 Nov 2006, VANHULLEBUS Yvan wrote:
 >=20
 > >People who just don't know what is NAT-T won't care about it (and will
 > >automagically have it when the patch will be included in FreeBSD's
 > >CVS), and people who want it should have read the warning about
 > >needing a kernel patch.
 >=20
 > People who won't care don't need it and would leave it to default
 > which is off anyway so that case does not matter.
 
 When this option has been included, I guessed integrating NAT-T
 support in FreeBSD's CVS would be quite fast, so I put the default to
 easy migration when it will be included, even for people who don't
 know what NAT-T means (but which may still need).
 
 This patch integration took lot more time than I hoped (and it is
 still not done).
 
 
 But now lots of people have WITH_NATT=3Dtrue in their
 /var/db/ports/ipsec-tools file, we can't just apply the patch you
 provided, as it would break ipsec-tools compilation for all people
 that don't know what NAT-T is, and who don't know the patch's
 existence.
 
 
 > People who want it do not want it to be left out when they have to
 > explicitly to turn it on. By turning it on they say "I want this"
 > but do not say "I want this maybe". If they do a make package and
 > deploy it and it turns out to not be in it might take them hours to
 > figure out what went wrong.
 >
 > It's a YES/NO thing and no MAYBE. If you want a MAYBE do it for
 > the default NO case but that will not permit people to leave it out
 > when their system would have the header files that support it.
 
 If I used a YES/NO which means Yes =3D> force, NO =3D> maybe, someone else
 whoud already have filled a PR for "I set up NAT-T support to NO and
 it is compiled on my host which have the NAT-T patch !"..........
 
 
 > So if you want a MAYBE do not provide an option but that will not
 > allow the poeple to chose - that's what the options from make config
 > are about.
 
 The only solution to make sure (quite) all people are happy would be
 to have a YES/NO/FORCE (or a YES/TEST/NO, or whatever else, as soon as
 the actual default value in option files don't break things).
 
 Of course, the best long term solution will be to have NAT-T support
 officially integrated in FreeBSD.........
 
 
 
 Yvan.
 
 --=20
 NETASQ
 http://www.netasq.com
 
 --5mCyUwZo2JvN/JJP
 Content-Type: application/x-pkcs7-signature
 Content-Disposition: attachment; filename="smime.p7s"
 Content-Transfer-Encoding: base64
 
 MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
 CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG
 EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV
 BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F
 VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx
 NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR
 IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE
 AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu
 ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT
 HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG
 9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7
 AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m
 SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI
 o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw
 ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE
 2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow
 GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu
 dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0
 aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC
 NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB
 BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS
 DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0
 YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j
 YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50
 cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv
 bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
 AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk
 VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF
 Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L
 84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh
 0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw
 ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO
 b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj
 dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
 b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV
 BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
 A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe
 TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr
 gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y
 wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk
 cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ
 zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB
 o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE
 2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
 hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp
 aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX
 MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ
 DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0
 ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x
 ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT
 EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg
 Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
 CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
 CSqGSIb3DQEJBTEPFw0wNjExMTYwOTI1NDRaMCMGCSqGSIb3DQEJBDEWBBQ6FeL6hYDp83eM
 3MZuUJr5SILXfTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
 gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
 AASCAQAIBdZbnGrvzv+/ZDb8VxWpn84elV1k/slx6Y+uywIK65eVLIdIZn58Ti+jBlYVxM93
 fkCfC7syBvZ3HKczJ0s6hIHeKjUUtJcwfMMIKi276kZct/cc9Y9NR2GWbIAWcHtFyj7s0ZnD
 mAFT/x4K7GLtN89kQg/qeT4YAXKC1Ns3nkE59eg4f7QF7qhoSh5nKFXj/Gd2qhLgk/Kp0M9j
 3TcXSgqdiVmzAIhWIStr2ogWNB7Gys00eAOlpcDngT43IT/Sv3rnurzcILxpXxBb32HhOZCl
 8Sl173s5iU07Ej/6op7I0IEGbpDBLQJ9juiemVb8bZUlf2lr37cW1cTxP3mZ
 
 --5mCyUwZo2JvN/JJP--

From: "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To: bug-followup@FreeBSD.org, "Bjoern A. Zeeb" <bz@freebsd.org>, 
	"Bjoern A. Zeeb" <bzeeb+freebsd+ports@zabbadoz.net>, 
	"VANHULLEBUS Yvan" <yvan.vanhullebus@netasq.com>
Cc:  
Subject: Re: ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
Date: Mon, 4 Dec 2006 07:11:03 +0300

 http://people.freebsd.org/~sat/diffs/ipsec-tools.diff
 
 Approve, please :-)

From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com>
To: Andrew Pantyukhin <infofarmer@FreeBSD.org>
Cc: bug-followup@FreeBSD.org, "Bjoern A. Zeeb" <bz@freebsd.org>,
	"Bjoern A. Zeeb" <bzeeb+freebsd+ports@zabbadoz.net>
Subject: Re:  ports/105488: [patch] security/ipsec-tools: NAT-T support silently ignored if header file unpatched
Date: Mon, 4 Dec 2006 10:36:35 +0100

 --45Z9DzgjV8m4Oswq
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Mon, Dec 04, 2006 at 07:11:03AM +0300, Andrew Pantyukhin wrote:
 > http://people.freebsd.org/~sat/diffs/ipsec-tools.diff
 >=20
 > Approve, please :-)
 
 I was searching "something to do" with a single define, but it is
 probably as easy to do that.
 
 It provides the requested feature, it won't break things for people
 who already have ipsec-tools and who don't know what "NAT-T" means, so
 it's ok for me.
 
 Thanks for it.
 
 
 Yvan.
 
 --=20
 NETASQ
 http://www.netasq.com
 
 --45Z9DzgjV8m4Oswq
 Content-Type: application/x-pkcs7-signature
 Content-Disposition: attachment; filename="smime.p7s"
 Content-Transfer-Encoding: base64
 
 MIINPQYJKoZIhvcNAQcCoIINLjCCDSoCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
 CokwggZ/MIIFZ6ADAgECAgpwxrFIFmvykFosMA0GCSqGSIb3DQEBBAUAMIGRMQswCQYDVQQG
 EwJGUjENMAsGA1UECBMETm9yZDEaMBgGA1UEBxMRVmlsbGVuZXV2ZSBkJ0FzY3ExLjAsBgNV
 BAoTJU5FVEFTUSAtIFNlY3VyZSBJbnRlcm5ldCBDb25uZWN0aXZpdHkxJzAlBgNVBAsTHk5F
 VEFTUSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNTA3MTUxNDQ0NDNaFw0wNzA3MTUx
 NDQ0NDNaMIHYMQswCQYDVQQGEwJGUjENMAsGA1UECBMETm9yZDEuMCwGA1UEChMlTkVUQVNR
 IC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRp
 ZmljYXRpb24gQXV0aG9yaXR5MRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEZMBcGA1UE
 AxMQeXZhbiBWQU5IVUxMRUJVUzEqMCgGCSqGSIb3DQEJARYbeXZhbi52YW5odWxsZWJ1c0Bu
 ZXRhc3EuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0quG0Q0oe+uM8lT
 HAklvpFArPSxUE8qM+NzfqOUaMaAI9/+Zg1kFOSrcYYRnB0R7ZGj9H+wk92l6+9jdOJx+1cG
 9wwhCzTFuN1qxiznhXtryOwZ9vZswnAJXH3b0R0hL0CUsv54KWGsZIDI72KHrEx/KThY7iU7
 AMq8/MqGGjSixXzhm89ybWm4N36dWRJvyT3oHFRREDLhGhherC+FJPied4FwIjth7worVD9m
 SVAPgp0WHpAhMqVe4vp4bJvpT9Qrv38cccfEiaaFaUvOCSF7h5gXy6F+D7xV/3adGqAwZ3sI
 o1qN4SijkaI6uqbUP+zslX3t78qHSc7HWhVm4QIDAQABo4ICjjCCAoowDAYDVR0TAQH/BAIw
 ADAdBgNVHQ4EFgQU/CR/mkkP1k1mu7ApVahPzBnqdJowgb4GA1UdIwSBtjCBs4AUJyrrHdlE
 2joXc2oJICDJJaj5f7KhgZekgZQwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwROb3JkMRow
 GAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2VjdXJlIElu
 dGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRpb24gQXV0
 aG9yaXR5ggEAMA4GA1UdDwEB/wQEAwIF4DARBglghkgBhvhCAQEEBAMCBaAwKwYJKwYBBAGC
 NxQCBB4eHABTAG0AYQByAHQAYwBhAHIAZABMAG8AZwBvAG4wLAYDVR0lAQH/BCIwIAYIKwYB
 BQUHAwQGCCsGAQUFBwMCBgorBgEEAYI3FAICMCsGA1UdEQQkMCKgIAYKKwYBBAGCNxQCA6AS
 DBB5dmFudkBuZXRhc3EuY29tMIHNBgNVHR8EgcUwgcIwWqBYoFaGVGxkYXA6Ly9wa2kubmV0
 YXNxLmNvbS9jbj1md2NhLG91PWNhcyxvPW5ldGFzcSxkYz1mcj9jZXJ0aWZpY2F0ZVJldm9j
 YXRpb25MaXN0O2JpbmFyeTA4oDagNIYyaHR0cDovL2ludHJhbmV0Lm5ldGFzcS5jb20vaW50
 cmFuZXQvcGtpL25ldGFzcS5jcmwwKqAooCaGJGh0dHA6Ly93d3cubmV0YXNxLmNvbS9wa2kv
 bmV0YXNxLmNybDAfBglghkgBhvhCAQ0EEhYQVXNlciBDZXJ0aWZpY2F0ZTANBgkqhkiG9w0B
 AQQFAAOCAQEAMlfufwmHT/3KRXLIx0jcRwT9bOboCGMQrI7xK/kk9t0jvGm3KTlVN2uuZ0Hk
 VU2QWqw6hPPoc1mclOPPWfNW4DHGafbIAqritDMoAtwCe7BkeZFaTRcigrnNJhyIjlfTHrrF
 Pz8Iul+ZugtAV8gCrpMPrF/RUJ2wgvUiBrp/1zhTZ0WMini5KK/MEiWgvZKHq0Y4riD9Sw5L
 84TbPcwQmHG4aQhsKkTNC9S80qurRVmTre+Qo68fzGXznPsSU/atH0OCIka3KYcJmrnoFosh
 0fuWOhKRTDfcTVarpCFhFiNvg8gxUxi9kdI2m/u2h7zEYvEH89G4HQ6NFBNvh0XfjjCCBAIw
 ggLqoAMCAQICAQAwDQYJKoZIhvcNAQEEBQAwgZExCzAJBgNVBAYTAkZSMQ0wCwYDVQQIEwRO
 b3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwGA1UEChMlTkVUQVNRIC0gU2Vj
 dXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMeTkVUQVNRIENlcnRpZmljYXRp
 b24gQXV0aG9yaXR5MB4XDTAyMDIxOTEyMzQ1NVoXDTIyMDIxNDEyMzQ1NVowgZExCzAJBgNV
 BAYTAkZSMQ0wCwYDVQQIEwROb3JkMRowGAYDVQQHExFWaWxsZW5ldXZlIGQnQXNjcTEuMCwG
 A1UEChMlTkVUQVNRIC0gU2VjdXJlIEludGVybmV0IENvbm5lY3Rpdml0eTEnMCUGA1UECxMe
 TkVUQVNRIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
 MIIBCgKCAQEAwYBPi3ref6t0tuJMoj5R4H7sa+WMSZwDh4XHjZV5e6P6LObyrleC6oNFDZJr
 gBtKk9Swzfnnf4m3xc0QS9kKCPLFwLpmIK3RCx0K4YYi+uBrrL347kH4UPfrI6KvrYcFpG3Y
 wFZUK+7LZn/Y9HSB6n4gvdiCk7cmkuFr1ifFtDYZqktNUss9yQCPqh0d9dXfuhRV8vyggvVk
 cfTZcCyVpRaDYaDm0j30Urba62KsKxfh6cEAt6kmPUxviGVaoEiiaABDZVSu6PjS17qDcZaQ
 zlnwhLacKyM1zR7+lvfFR03/h6m8JYGBPMP7zccH2uJfufh+Of3AvOfCFZFcNhzHCwIDAQAB
 o2MwYTAdBgNVHQ4EFgQUJyrrHdlE2joXc2oJICDJJaj5f7IwHwYDVR0jBBgwFoAUJyrrHdlE
 2joXc2oJICDJJaj5f7IwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
 hvcNAQEEBQADggEBAJclqFN/WqYmhcZlXabrw6KJQNq/TK6TLDHzwZVcyjn0QhujHRr+EcVp
 aE1pIS4fjsywzpINE3fe9DSlC4IzyeqDq3EtM4eQDSXm4YRGLZp8X2M5TdccmxlElDgZzlVX
 MOlo/Ehhh4vqzSbc1M4FEfETiEV+vLX5MaWEHH8dmzlEL632mOme19QJN6BQKJPmCCj1VbxJ
 DrJSpF01kXFJUtyrA0ilrEG0mA+FLFjfsWuZXzYEPjv1/FIPMlSnCCiW8ZSzwstQX2BhLEi0
 ugZJRpakVMY/TkdoLEErYt0mjZD+d/oXFR7QNzMxAHpDEPmlZRotP1W7sO6kpBP7lyh/Yc4x
 ggJ8MIICeAIBATCBoDCBkTELMAkGA1UEBhMCRlIxDTALBgNVBAgTBE5vcmQxGjAYBgNVBAcT
 EVZpbGxlbmV1dmUgZCdBc2NxMS4wLAYDVQQKEyVORVRBU1EgLSBTZWN1cmUgSW50ZXJuZXQg
 Q29ubmVjdGl2aXR5MScwJQYDVQQLEx5ORVRBU1EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkC
 CnDGsUgWa/KQWiwwCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwG
 CSqGSIb3DQEJBTEPFw0wNjEyMDQwOTM2MzVaMCMGCSqGSIb3DQEJBDEWBBQiTQfvlVohWyNN
 Pp4rqAAISphv2jBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIA
 gDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEF
 AASCAQAT13euHJ9X6hxBso9+OFNo3bS+DsdC3RAAhfujUerNTQ/8R32bDrzwTtk1ZSTS6Cm8
 jakIU3+TCspAERSmt2yyRBz2xNBV6J+bMbs+kypwMl5XWbTI5jcbhfx6U5gc62RrZ5I2pdQI
 /tsIHO91Kp6g2KIzdZYgu81CHAnoTNnCOdS3hBnZSzylAvs0upNViNBj3CzqRNvBxB2cllOe
 rFSEBReXm48iVb6p0I1CMuiAiS5xDUhcBVe3zcAYjdTvVy3ioTurtpFHSKVcVy88B+1YBdFe
 dPWzMXYNpce1SqNz4kPQDj2x/oLWcgGFMNrkAUu+5NK0Tro8bbjR4MF+oqZk
 
 --45Z9DzgjV8m4Oswq--
State-Changed-From-To: feedback->closed 
State-Changed-By: sat 
State-Changed-When: Mon Dec 4 10:24:51 UTC 2006 
State-Changed-Why:  
Something committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=105488 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/105488: commit references a PR
Date: Mon,  4 Dec 2006 10:25:45 +0000 (UTC)

 sat         2006-12-04 10:24:33 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/ipsec-tools Makefile 
   Log:
   - An option to force NATT functionality
   - Sneak in master sites beautification and use_ldconfig
     while I'm here
   
   PR:             ports/105488
   Submitted by:   bz
   Approved by:    VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> (maintainer)
   
   Revision  Changes    Path
   1.14      +7 -3      ports/security/ipsec-tools/Makefile
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
