From nobody@FreeBSD.org  Tue Nov  5 17:47:47 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTP id 95C11756
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Nov 2013 17:47:47 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from oldred.freebsd.org (oldred.freebsd.org [8.8.178.121])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 81DE62968
	for <freebsd-gnats-submit@FreeBSD.org>; Tue,  5 Nov 2013 17:47:47 +0000 (UTC)
Received: from oldred.freebsd.org ([127.0.1.6])
	by oldred.freebsd.org (8.14.5/8.14.7) with ESMTP id rA5HlkoT068394
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 5 Nov 2013 17:47:46 GMT
	(envelope-from nobody@oldred.freebsd.org)
Received: (from nobody@localhost)
	by oldred.freebsd.org (8.14.5/8.14.5/Submit) id rA5HlkAE068391;
	Tue, 5 Nov 2013 17:47:46 GMT
	(envelope-from nobody)
Message-Id: <201311051747.rA5HlkAE068391@oldred.freebsd.org>
Date: Tue, 5 Nov 2013 17:47:46 GMT
From: Francois ten Krooden <strongswan@nanoteq.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [maintainer update] security/strongswan 5.0.4 -> 5.1.1
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         183688
>Category:       ports
>Synopsis:       [maintainer update] security/strongswan 5.0.4 -> 5.1.1
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 05 17:50:00 UTC 2013
>Closed-Date:    Thu Jan 30 12:56:30 UTC 2014
>Last-Modified:  Thu Jan 30 12:56:30 UTC 2014
>Originator:     Francois ten Krooden
>Release:        FreeBSD 9.2
>Organization:
Nanoteq
>Environment:
>Description:
Update port security/strongswan 5.0.4 -> 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: Makefile
===================================================================
--- Makefile	(revision 332396)
+++ Makefile	(working copy)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	strongswan
-PORTVERSION=	5.0.4
-PORTREVISION=	1
+PORTVERSION=	5.1.1
+PORTREVISION=	0
 CATEGORIES=	security
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
@@ -37,6 +37,7 @@
 		--enable-blowfish \
 		--enable-addrblock \
 		--enable-whitelist \
+		--enable-cmd \
 		--with-group=wheel  \
 		--with-lib-prefix=${PREFIX}
 
@@ -44,13 +45,21 @@
 MAN5=	ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
 MAN8=	ipsec.8 _updown.8 _updown_espmark.8
 
-OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
+OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE
+OPTIONS_DEFINE+= HA IKEv1 IPSECKEY LOADTESTER LDAP MYSQL SQLITE TESTVECTOR UNBOUND XAUTH
 CURL_DESC=	Enable CURL to fetch CRL/OCSP
 EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
+EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
+EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
 EAPSIMFILE_DESC=	Enable EAP SIM with file backend
+HA_DESC=	Enable high availability cluster
 IKEv1_DESC=	Enable IKEv1 support (Experimental)
+IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
+LOADTESTER_DESC=	Enable load testing plugin
+TESTVECTOR_DESC=	Enable crypto test vectors
+UNBOUND_DESC=	Enable DNSSEC-enabled resolver
+XAUTH_DESC=	Enable XAuth password verification
 
-NO_STAGE=	yes
 .include <bsd.port.options.mk>
 
 # Extra options
@@ -83,6 +92,29 @@
 PLIST_SUB+=SIMAKA="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MEAPDYNAMIC}
+CONFIGURE_ARGS+=        --enable-eap-dynamic
+PLIST_SUB+=     EAPDYNAMIC=""
+.else
+PLIST_SUB+=     EAPDYNAMIC="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MEAPRADIUS}
+CONFIGURE_ARGS+=        --enable-eap-radius
+PLIST_SUB+=     EAPRADIUS=""
+PLIST_SUB+=     RADIUS=""
+.else
+PLIST_SUB+=     EAPRADIUS="@comment "
+PLIST_SUB+=     RADIUS="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MHA}
+CONFIGURE_ARGS+=        --enable-ha
+PLIST_SUB+=     HA=""
+.else
+PLIST_SUB+=     HA="@comment "
+.endif
+
 .if ${PORT_OPTIONS:MIKEv1}
 PLIST_SUB+=	IKEv1=""
 .else
@@ -98,6 +130,20 @@
 PLIST_SUB+=	LDAP="@comment "
 .endif
 
+.if ${PORT_OPTIONS:MLOADTESTER}
+CONFIGURE_ARGS+=        --enable-load-tester
+PLIST_SUB+=     LOADTESTER=""
+.else
+PLIST_SUB+=     LOADTESTER="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MIPSECKEY}
+CONFIGURE_ARGS+=        --enable-ipseckey
+PLIST_SUB+=     IPSECKEY=""
+.else
+PLIST_SUB+=     IPSECKEY="@comment "
+.endif
+
 .if ${PORT_OPTIONS:MMYSQL}
 CONFIGURE_ARGS+=	--enable-mysql
 USE_MYSQL=	yes
@@ -121,11 +167,31 @@
 PLIST_SUB+=	SQL="@comment "
 .endif
 
-.include <bsd.port.pre.mk>
+.if ${PORT_OPTIONS:MUNBOUND}
+CONFIGURE_ARGS+=        --enable-unbound
+LIB_DEPENDS+=   unbound:${PORTSDIR}/dns/unbound
+PLIST_SUB+=     UNBOUND=""
+.else
+PLIST_SUB+=     UNBOUND="@comment "
+.endif
 
+.if ${PORT_OPTIONS:MTESTVECTOR}
+CONFIGURE_ARGS+=        --enable-test-vectors
+PLIST_SUB+=     TESTVECTOR=""
+.else
+PLIST_SUB+=     TESTVECTOR="@comment "
+.endif
+
+.if ${PORT_OPTIONS:MXAUTH}
+CONFIGURE_ARGS+=        --enable-xauth-eap --enable-xauth-generic
+PLIST_SUB+=     XAUTH=""
+.else
+PLIST_SUB+=     XAUTH="@comment "
+.endif
+
 # Requires FreeBSD 8 and above to work
 .if ${OSVERSION} < 800000
 IGNORE=		requires at least FreeBSD 8.X
 .endif
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Index: distinfo
===================================================================
--- distinfo	(revision 332396)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
-SIZE (strongswan-5.0.4.tar.bz2) = 3412930
+SHA256 (strongswan-5.1.1.tar.bz2) = fbf2a668221fc4a36a34bdeac2dfeda25b96f572d551df022585177953622406
+SIZE (strongswan-5.1.1.tar.bz2) = 3673200
Index: files/patch-src__Makefile.am
===================================================================
--- files/patch-src__Makefile.am	(revision 0)
+++ files/patch-src__Makefile.am	(working copy)
@@ -0,0 +1,8 @@
+--- src.old/Makefile.am	2013-11-01 19:26:37.000000000 +0200
++++ src/Makefile.am	2013-11-01 20:37:18.000000000 +0200
+@@ -120,4 +120,4 @@
+ 
+ install-exec-local :
+ 		test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
+-		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true

Property changes on: files/patch-src__Makefile.am
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: files/patch-src__Makefile.in
===================================================================
--- files/patch-src__Makefile.in	(revision 0)
+++ files/patch-src__Makefile.in	(working copy)
@@ -0,0 +1,11 @@
+--- src.old/Makefile.in	2013-11-01 19:26:37.000000000 +0200
++++ src/Makefile.in	2013-11-01 20:37:58.000000000 +0200
+@@ -737,7 +737,7 @@
+ 
+ install-exec-local :
+ 		test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)"
+-		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf.sample" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf.sample || true
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.

Property changes on: files/patch-src__Makefile.in
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Index: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
===================================================================
--- files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in	(revision 0)
+++ files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in	(working copy)
@@ -0,0 +1,13 @@
+--- src.old/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:26:36.000000000 +0200
++++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:32:17.000000000 +0200
+@@ -790,6 +790,9 @@
+ /*	{ENCR_DES_IV64,				0							}, */
+ 	{ENCR_DES,					SADB_EALG_DESCBC			},
+ 	{ENCR_3DES,					SADB_EALG_3DESCBC			},
++#ifdef SADB_X_EALG_CAMELLIACBC
++	{ENCR_CAMELLIA_CBC,         SADB_X_EALG_CAMELLIACBC     },
++#endif
+ /*	{ENCR_RC5,					0							}, */
+ /*	{ENCR_IDEA,					0							}, */
+ 	{ENCR_CAST,					SADB_X_EALG_CASTCBC			},
+ 

Property changes on: files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__starter__Makefile.am
===================================================================
--- files/patch-src__starter__Makefile.am	(revision 0)
+++ files/patch-src__starter__Makefile.am	(working copy)
@@ -0,0 +1,8 @@
+--- src.old/starter/Makefile.am	2013-11-01 19:26:36.000000000 +0200
++++ src/starter/Makefile.am	2013-11-01 20:38:39.000000000 +0200
+@@ -54,4 +54,4 @@
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true

Property changes on: files/patch-src__starter__Makefile.am
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: files/patch-src__starter__Makefile.in
===================================================================
--- files/patch-src__starter__Makefile.in	(revision 0)
+++ files/patch-src__starter__Makefile.in	(working copy)
@@ -0,0 +1,11 @@
+--- src.old/starter/Makefile.in	2013-11-01 19:26:36.000000000 +0200
++++ src/starter/Makefile.in	2013-11-01 20:39:02.000000000 +0200
+@@ -794,7 +794,7 @@
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/crls" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/crls" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/reqs" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)/ipsec.d/reqs" || true
+ 		test -e "$(DESTDIR)${sysconfdir}/ipsec.d/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(sysconfdir)/ipsec.d/private" || true
+-		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf || true
++		test -e "$(DESTDIR)$(sysconfdir)/ipsec.conf.sample" || $(INSTALL) -m 644 $(srcdir)/ipsec.conf $(DESTDIR)$(sysconfdir)/ipsec.conf.sample || true
+ 
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.

Property changes on: files/patch-src__starter__Makefile.in
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 332396)
+++ pkg-plist	(working copy)
@@ -1,5 +1,5 @@
-etc/ipsec.conf
-etc/strongswan.conf
+etc/ipsec.conf.sample
+etc/strongswan.conf.sample
 lib/ipsec/libcharon.a
 lib/ipsec/libcharon.la
 lib/ipsec/libcharon.so
@@ -97,6 +97,9 @@
 lib/ipsec/plugins/libstrongswan-pkcs8.a
 lib/ipsec/plugins/libstrongswan-pkcs8.la
 lib/ipsec/plugins/libstrongswan-pkcs8.so
+lib/ipsec/plugins/libstrongswan-pkcs12.a
+lib/ipsec/plugins/libstrongswan-pkcs12.la
+lib/ipsec/plugins/libstrongswan-pkcs12.so
 lib/ipsec/plugins/libstrongswan-pubkey.a
 lib/ipsec/plugins/libstrongswan-pubkey.la
 lib/ipsec/plugins/libstrongswan-pubkey.so
@@ -103,6 +106,9 @@
 lib/ipsec/plugins/libstrongswan-random.a
 lib/ipsec/plugins/libstrongswan-random.la
 lib/ipsec/plugins/libstrongswan-random.so
+lib/ipsec/plugins/libstrongswan-rc2.a
+lib/ipsec/plugins/libstrongswan-rc2.la
+lib/ipsec/plugins/libstrongswan-rc2.so
 lib/ipsec/plugins/libstrongswan-resolve.a
 lib/ipsec/plugins/libstrongswan-resolve.la
 lib/ipsec/plugins/libstrongswan-resolve.so
@@ -118,6 +124,9 @@
 lib/ipsec/plugins/libstrongswan-socket-default.a
 lib/ipsec/plugins/libstrongswan-socket-default.la
 lib/ipsec/plugins/libstrongswan-socket-default.so
+lib/ipsec/plugins/libstrongswan-sshkey.a
+lib/ipsec/plugins/libstrongswan-sshkey.la
+lib/ipsec/plugins/libstrongswan-sshkey.so
 lib/ipsec/plugins/libstrongswan-stroke.a
 lib/ipsec/plugins/libstrongswan-stroke.la
 lib/ipsec/plugins/libstrongswan-stroke.so
@@ -141,6 +150,11 @@
 libexec/ipsec/stroke
 libexec/ipsec/whitelist
 sbin/ipsec
+sbin/charon-cmd
+%%RADIUS%%lib/ipsec/libradius.a
+%%RADIUS%%lib/ipsec/libradius.la
+%%RADIUS%%lib/ipsec/libradius.so
+%%RADIUS%%lib/ipsec/libradius.so.0
 %%SIMAKA%%lib/ipsec/libsimaka.a
 %%SIMAKA%%lib/ipsec/libsimaka.la
 %%SIMAKA%%lib/ipsec/libsimaka.so
@@ -154,6 +168,12 @@
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.a
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.la
 %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.so
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.a
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.la
+%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.so
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.a
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.la
+%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.so
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.a
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.la
 %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.so
@@ -163,9 +183,19 @@
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.a
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.la
 %%CURL%%lib/ipsec/plugins/libstrongswan-curl.so
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.a
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.la
+%%HA%%lib/ipsec/plugins/libstrongswan-ha.so
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la
 %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.a
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.la
+%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.so
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.a
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.la
+%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.so
+%%LOADTESTER%%libexec/ipsec/load-tester
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la
 %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so
@@ -182,6 +212,15 @@
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.a
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.la
 %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.a
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la
+%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.a
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.la
+%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.so
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.a
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.la
+%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.so
 @dirrm libexec/ipsec
 @dirrm lib/ipsec/plugins
 @dirrm lib/ipsec


>Release-Note:
>Audit-Trail:

From: David Shane Holden <dpejesh@yahoo.com>
To: bug-followup@FreeBSD.org, strongswan@nanoteq.com
Cc:  
Subject: Re: ports/183688: [maintainer update] security/strongswan 5.0.4 ->
 5.1.1
Date: Tue, 05 Nov 2013 20:19:12 -0500

 I actually had a patch for this which I was planning on sending, but you 
 beat me to it.  I have a couple of questions/suggestions though.
 
 * If the config files are going to be used as samples I think they 
 should be moved to share/examples/strongswan instead of being left in 
 etc.  I know other ports are dumping samples in etc and I think it's tacky.
 
 * I couldn't find any reference to your patch to kernel_pfkey_ipsec.c 
 anywhere. Does it fix a bug or is it just an optimization that you've 
 tested?  Either way, seems that it belongs upstream and not a patch in 
 the ports tree since other platforms use the pfkey interface too.
 
 * 5.1.0 also added the kernel-libipsec plugin which looks like it might 
 be worth having a config option for.
 
 -- Dave

From: strongswan <strongswan@Nanoteq.com>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Cc:  
Subject: RE: ports/183688: [maintainer update] security/strongswan 5.0.4 ->
 5.1.1
Date: Mon, 11 Nov 2013 12:14:51 +0200

 Hi David
 
 Thanks for the feedback.
 
 I will look into changing the config file locations, this should just requi=
 re some additional modifications to the make files (Will see if I can inclu=
 de this in a future patch)
 The pfkey patch only adds the camellia algorithm, it is actually in FreeBSD=
  but it was never included in the pfkey interface.
 I also wanted to include the AES-GCM algorithms but the kernel patches for =
 these have not made it into HEAD yet.
 
 I will have a look at the libipsec plugin.  I managed to get a mostly autom=
 ated testing setup for strongSwan now, so new releases should be fairly qui=
 ck to test.
 
 Kind Regards
 Francois ten Krooden.
 
 ________________________________________
 From: David Shane Holden [dpejesh@yahoo.com]
 Sent: Wednesday, November 06, 2013 3:19 AM
 To: bug-followup@FreeBSD.org; strongswan
 Subject: Re: ports/183688: [maintainer update] security/strongswan 5.0.4 ->=
  5.1.1
 
 I actually had a patch for this which I was planning on sending, but you
 beat me to it.  I have a couple of questions/suggestions though.
 
 * If the config files are going to be used as samples I think they
 should be moved to share/examples/strongswan instead of being left in
 etc.  I know other ports are dumping samples in etc and I think it's tacky.
 
 * I couldn't find any reference to your patch to kernel_pfkey_ipsec.c
 anywhere. Does it fix a bug or is it just an optimization that you've
 tested?  Either way, seems that it belongs upstream and not a patch in
 the ports tree since other platforms use the pfkey interface too.
 
 * 5.1.0 also added the kernel-libipsec plugin which looks like it might
 be worth having a config option for.
 
 -- Dave
 
 Important Notice:
 
 This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail le=
 gal notice available at:
 http://www.nanoteq.com/AboutUs/EmailDisclaimer.aspx
 
 

From: David Shane Holden <dpejesh@yahoo.com>
To: Francois ten Krooden <ftk@Nanoteq.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/183688: [maintainer update] security/strongswan 5.0.4 ->
 5.1.1
Date: Mon, 18 Nov 2013 19:42:35 -0500

 This is a multi-part message in MIME format.
 --------------030902010007060501090309
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 Content-Transfer-Encoding: 7bit
 
 Hey Francois,
 
 I updated your original patch a bit.  First, I used the post-install 
 target to move the config files to share/examples/strongswan.  Since 
 we're using staging this should be a cleaner approach than patching the 
 makefiles.  I also added an option for --enable-kernel-libipsec as well 
 as updated vuln.xml for the 3 CVE's that were fixed in this release.
 
 If for some reason the attachment doesn't make it through, I have a copy 
 of it at 
 https://googledrive.com/host/0B0OQnKtejJEMdU1IaF9UX0dfNDA/strongswan.patch
 
 -- Dave
 
 
 --------------030902010007060501090309
 Content-Type: text/x-patch;
  name="strongswan.patch"
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
  filename="strongswan.patch"
 
 diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
 index 9c73792..4e61d98 100644
 --- a/security/strongswan/Makefile
 +++ b/security/strongswan/Makefile
 @@ -2,8 +2,7 @@
  # $FreeBSD$
  
  PORTNAME=	strongswan
 -PORTVERSION=	5.0.4
 -PORTREVISION=	1
 +PORTVERSION=	5.1.1
  CATEGORIES=	security
  MASTER_SITES=	http://download.strongswan.org/ \
  		http://download2.strongswan.org/
 @@ -37,6 +36,7 @@ CONFIGURE_ARGS=	--enable-kernel-pfkey \
  		--enable-blowfish \
  		--enable-addrblock \
  		--enable-whitelist \
 +		--enable-cmd \
  		--with-group=wheel  \
  		--with-lib-prefix=${PREFIX}
  
 @@ -44,13 +44,23 @@ CONFIGURE_ARGS=	--enable-kernel-pfkey \
  MAN5=	ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
  MAN8=	ipsec.8 _updown.8 _updown_espmark.8
  
 -OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
 +OPTIONS_DEFINE=	 CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE HA IKEv1
 +OPTIONS_DEFINE+= IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE
 +OPTIONS_DEFINE+= TESTVECTOR UNBOUND XAUTH
  CURL_DESC=	Enable CURL to fetch CRL/OCSP
  EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
 +EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
 +EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
  EAPSIMFILE_DESC=	Enable EAP SIM with file backend
 -IKEv1_DESC=	Enable IKEv1 support (Experimental)
 +HA_DESC=	Enable high availability cluster
 +IKEv1_DESC=	Enable IKEv1 support
 +IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
 +KERNELLIBIPSEC_DESC=   Enable IPSec userland backend
 +LOADTESTER_DESC=	Enable load testing plugin
 +TESTVECTOR_DESC=	Enable crypto test vectors
 +UNBOUND_DESC=	Enable DNSSEC-enabled resolver
 +XAUTH_DESC=	Enable XAuth password verification
  
 -NO_STAGE=	yes
  .include <bsd.port.options.mk>
  
  # Extra options
 @@ -83,6 +93,29 @@ PLIST_SUB+=SIMAKA=""
  PLIST_SUB+=SIMAKA="@comment "
  .endif
  
 +.if ${PORT_OPTIONS:MEAPDYNAMIC}
 +CONFIGURE_ARGS+=        --enable-eap-dynamic
 +PLIST_SUB+=     EAPDYNAMIC=""
 +.else
 +PLIST_SUB+=     EAPDYNAMIC="@comment "
 +.endif
 +
 +.if ${PORT_OPTIONS:MEAPRADIUS}
 +CONFIGURE_ARGS+=        --enable-eap-radius
 +PLIST_SUB+=     EAPRADIUS=""
 +PLIST_SUB+=     RADIUS=""
 +.else
 +PLIST_SUB+=     EAPRADIUS="@comment "
 +PLIST_SUB+=     RADIUS="@comment "
 +.endif
 +
 +.if ${PORT_OPTIONS:MHA}
 +CONFIGURE_ARGS+=        --enable-ha
 +PLIST_SUB+=     HA=""
 +.else
 +PLIST_SUB+=     HA="@comment "
 +.endif
 +
  .if ${PORT_OPTIONS:MIKEv1}
  PLIST_SUB+=	IKEv1=""
  .else
 @@ -90,6 +123,13 @@ CONFIGURE_ARGS+=	--disable-ikev1
  PLIST_SUB+=	IKEv1="@comment "
  .endif
  
 +.if ${PORT_OPTIONS:MKERNELLIBIPSEC}
 +CONFIGURE_ARGS+=       --enable-kernel-libipsec
 +PLIST_SUB+=    KERNELLIBIPSEC=""
 +.else
 +PLIST_SUB+=    KERNELLIBIPSEC="@comment "
 +.endif
 +
  .if ${PORT_OPTIONS:MLDAP}
  USE_OPENLDAP=	yes
  CONFIGURE_ARGS+=	--enable-ldap
 @@ -98,6 +138,20 @@ PLIST_SUB+=	LDAP=""
  PLIST_SUB+=	LDAP="@comment "
  .endif
  
 +.if ${PORT_OPTIONS:MLOADTESTER}
 +CONFIGURE_ARGS+=        --enable-load-tester
 +PLIST_SUB+=     LOADTESTER=""
 +.else
 +PLIST_SUB+=     LOADTESTER="@comment "
 +.endif
 +
 +.if ${PORT_OPTIONS:MIPSECKEY}
 +CONFIGURE_ARGS+=        --enable-ipseckey
 +PLIST_SUB+=     IPSECKEY=""
 +.else
 +PLIST_SUB+=     IPSECKEY="@comment "
 +.endif
 +
  .if ${PORT_OPTIONS:MMYSQL}
  CONFIGURE_ARGS+=	--enable-mysql
  USE_MYSQL=	yes
 @@ -121,11 +175,36 @@ PLIST_SUB+=	SQL=""
  PLIST_SUB+=	SQL="@comment "
  .endif
  
 -.include <bsd.port.pre.mk>
 +.if ${PORT_OPTIONS:MUNBOUND}
 +CONFIGURE_ARGS+=        --enable-unbound
 +LIB_DEPENDS+=   unbound:${PORTSDIR}/dns/unbound
 +PLIST_SUB+=     UNBOUND=""
 +.else
 +PLIST_SUB+=     UNBOUND="@comment "
 +.endif
 +
 +.if ${PORT_OPTIONS:MTESTVECTOR}
 +CONFIGURE_ARGS+=        --enable-test-vectors
 +PLIST_SUB+=     TESTVECTOR=""
 +.else
 +PLIST_SUB+=     TESTVECTOR="@comment "
 +.endif
 +
 +.if ${PORT_OPTIONS:MXAUTH}
 +CONFIGURE_ARGS+=        --enable-xauth-eap --enable-xauth-generic
 +PLIST_SUB+=     XAUTH=""
 +.else
 +PLIST_SUB+=     XAUTH="@comment "
 +.endif
  
  # Requires FreeBSD 8 and above to work
  .if ${OSVERSION} < 800000
  IGNORE=		requires at least FreeBSD 8.X
  .endif
  
 -.include <bsd.port.post.mk>
 +post-install:
 +	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 +	${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESDIR}
 +	${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR}
 +
 +.include <bsd.port.mk>
 diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo
 index ff76032..9c39d66 100644
 --- a/security/strongswan/distinfo
 +++ b/security/strongswan/distinfo
 @@ -1,2 +1,2 @@
 -SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
 -SIZE (strongswan-5.0.4.tar.bz2) = 3412930
 +SHA256 (strongswan-5.1.1.tar.bz2) = fbf2a668221fc4a36a34bdeac2dfeda25b96f572d551df022585177953622406
 +SIZE (strongswan-5.1.1.tar.bz2) = 3673200
 diff --git a/security/strongswan/files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in b/security/strongswan/files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
 new file mode 100644
 index 0000000..033b2a3
 --- /dev/null
 +++ b/security/strongswan/files/patch-src__libhydra__plugins__kernel_pfkey__kernel_pfkey_ipsec.c.in
 @@ -0,0 +1,13 @@
 +--- src.old/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:26:36.000000000 +0200
 ++++ src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c	2013-11-01 19:32:17.000000000 +0200
 +@@ -790,6 +790,9 @@
 + /*	{ENCR_DES_IV64,				0							}, */
 + 	{ENCR_DES,					SADB_EALG_DESCBC			},
 + 	{ENCR_3DES,					SADB_EALG_3DESCBC			},
 ++#ifdef SADB_X_EALG_CAMELLIACBC
 ++	{ENCR_CAMELLIA_CBC,         SADB_X_EALG_CAMELLIACBC     },
 ++#endif
 + /*	{ENCR_RC5,					0							}, */
 + /*	{ENCR_IDEA,					0							}, */
 + 	{ENCR_CAST,					SADB_X_EALG_CASTCBC			},
 + 
 diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
 index 170f10d..c88bab3 100644
 --- a/security/strongswan/pkg-plist
 +++ b/security/strongswan/pkg-plist
 @@ -1,5 +1,3 @@
 -etc/ipsec.conf
 -etc/strongswan.conf
  lib/ipsec/libcharon.a
  lib/ipsec/libcharon.la
  lib/ipsec/libcharon.so
 @@ -97,12 +95,18 @@ lib/ipsec/plugins/libstrongswan-pkcs7.so
  lib/ipsec/plugins/libstrongswan-pkcs8.a
  lib/ipsec/plugins/libstrongswan-pkcs8.la
  lib/ipsec/plugins/libstrongswan-pkcs8.so
 +lib/ipsec/plugins/libstrongswan-pkcs12.a
 +lib/ipsec/plugins/libstrongswan-pkcs12.la
 +lib/ipsec/plugins/libstrongswan-pkcs12.so
  lib/ipsec/plugins/libstrongswan-pubkey.a
  lib/ipsec/plugins/libstrongswan-pubkey.la
  lib/ipsec/plugins/libstrongswan-pubkey.so
  lib/ipsec/plugins/libstrongswan-random.a
  lib/ipsec/plugins/libstrongswan-random.la
  lib/ipsec/plugins/libstrongswan-random.so
 +lib/ipsec/plugins/libstrongswan-rc2.a
 +lib/ipsec/plugins/libstrongswan-rc2.la
 +lib/ipsec/plugins/libstrongswan-rc2.so
  lib/ipsec/plugins/libstrongswan-resolve.a
  lib/ipsec/plugins/libstrongswan-resolve.la
  lib/ipsec/plugins/libstrongswan-resolve.so
 @@ -118,6 +122,9 @@ lib/ipsec/plugins/libstrongswan-sha2.so
  lib/ipsec/plugins/libstrongswan-socket-default.a
  lib/ipsec/plugins/libstrongswan-socket-default.la
  lib/ipsec/plugins/libstrongswan-socket-default.so
 +lib/ipsec/plugins/libstrongswan-sshkey.a
 +lib/ipsec/plugins/libstrongswan-sshkey.la
 +lib/ipsec/plugins/libstrongswan-sshkey.so
  lib/ipsec/plugins/libstrongswan-stroke.a
  lib/ipsec/plugins/libstrongswan-stroke.la
  lib/ipsec/plugins/libstrongswan-stroke.so
 @@ -141,6 +148,13 @@ libexec/ipsec/starter
  libexec/ipsec/stroke
  libexec/ipsec/whitelist
  sbin/ipsec
 +sbin/charon-cmd
 +share/examples/strongswan/ipsec.conf
 +share/examples/strongswan/strongswan.conf
 +%%RADIUS%%lib/ipsec/libradius.a
 +%%RADIUS%%lib/ipsec/libradius.la
 +%%RADIUS%%lib/ipsec/libradius.so
 +%%RADIUS%%lib/ipsec/libradius.so.0
  %%SIMAKA%%lib/ipsec/libsimaka.a
  %%SIMAKA%%lib/ipsec/libsimaka.la
  %%SIMAKA%%lib/ipsec/libsimaka.so
 @@ -154,6 +168,12 @@ sbin/ipsec
  %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.a
  %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.la
  %%EAPAKA3GPP2%%lib/ipsec/plugins/libstrongswan-gmp.so
 +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.a
 +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.la
 +%%EAPDYNAMIC%%lib/ipsec/plugins/libstrongswan-eap-dynamic.so
 +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.a
 +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.la
 +%%EAPRADIUS%%lib/ipsec/plugins/libstrongswan-eap-radius.so
  %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.a
  %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.la
  %%EAPSIMFILE%%lib/ipsec/plugins/libstrongswan-eap-sim.so
 @@ -163,9 +183,26 @@ sbin/ipsec
  %%CURL%%lib/ipsec/plugins/libstrongswan-curl.a
  %%CURL%%lib/ipsec/plugins/libstrongswan-curl.la
  %%CURL%%lib/ipsec/plugins/libstrongswan-curl.so
 +%%HA%%lib/ipsec/plugins/libstrongswan-ha.a
 +%%HA%%lib/ipsec/plugins/libstrongswan-ha.la
 +%%HA%%lib/ipsec/plugins/libstrongswan-ha.so
  %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.a
  %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.la
  %%IKEv1%%lib/ipsec/plugins/libstrongswan-xauth-generic.so
 +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.a
 +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.la
 +%%IPSECKEY%%lib/ipsec/plugins/libstrongswan-ipseckey.so
 +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.a
 +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.la
 +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.so
 +%%KERNELLIBIPSEC%%lib/ipsec/libipsec.so.0
 +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.a
 +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.la
 +%%KERNELLIBIPSEC%%lib/ipsec/plugins/libstrongswan-kernel-libipsec.so
 +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.a
 +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.la
 +%%LOADTESTER%%lib/ipsec/plugins/libstrongswan-load-tester.so
 +%%LOADTESTER%%libexec/ipsec/load-tester
  %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.a
  %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.la
  %%LDAP%%lib/ipsec/plugins/libstrongswan-ldap.so
 @@ -182,6 +219,15 @@ sbin/ipsec
  %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.a
  %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.la
  %%SQLITE%%lib/ipsec/plugins/libstrongswan-sqlite.so
 +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.a
 +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.la
 +%%TESTVECTOR%%lib/ipsec/plugins/libstrongswan-test-vectors.so
 +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.a
 +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.la
 +%%UNBOUND%%lib/ipsec/plugins/libstrongswan-unbound.so
 +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.a
 +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.la
 +%%XAUTH%%lib/ipsec/plugins/libstrongswan-xauth-eap.so
  @dirrm libexec/ipsec
  @dirrm lib/ipsec/plugins
  @dirrm lib/ipsec
 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
 index 85ec7b9..e8395be 100644
 --- a/security/vuxml/vuln.xml
 +++ b/security/vuxml/vuln.xml
 @@ -51,6 +51,44 @@ Note:  Please add new entries to the beginning of this file.
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid="fb3c1452-4599-11e3-8fb6-001cc0b0c9d4">
 +    <topic>strongswan -- multiple vulnerabilities</topic>
 +    <affects>
 +      <package>
 +	<name>strongswan</name>
 +	<range><lt>5.1.1</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">
 +	<p>strongSwan security team reports:</p>
 +	<blockquote cite="http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51">
 +	  <p>CVE-2013-5018</p>
 +	  <p>Fixed a denial-of-service vulnerability triggered by specific XAuth
 +	     usernames and EAP identities (since 5.0.3), and PEM files (since 4.1.11).
 +	     The crash was caused by insufficient error handling in the is_asn1()
 +	     function.</p>
 +	  <p>CVE-2013-6075</p>
 +	  <p>Fixed a denial-of-service vulnerability triggered by a crafted IKEv1
 +	     fragmentation payload. The cause is a NULL pointer dereference.</p>
 +	  <p>CVE-2013-6076</p>
 +	  <p>Fixed a denial-of-service vulnerability and potential authorization bypass
 +	     triggered by a crafted ID_DER_ASN1_DN ID payload. The cause is an
 +	     insufficient length check when comparing such identities.</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <cvename>CVE-2013-5018</cvename>
 +      <cvename>CVE-2013-6075</cvename>
 +      <cvename>CVE-2013-6076</cvename>
 +    </references>
 +    <dates>
 +      <discovery>2013-11-01</discovery>
 +      <entry>2013-11-18</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="e62ab2af-4df4-11e3-b0cf-00262d5ed8ee">
      <topic>chromium -- multiple memory corruption issues</topic>
      <affects>
 
 --------------030902010007060501090309--

From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To: bug-followup@FreeBSD.org, strongswan@nanoteq.com
Cc: security-officer@FreeBSD.org
Subject: Re: ports/183688: [maintainer update] security/strongswan 5.0.4 -&gt;
 5.1.1
Date: Mon, 06 Jan 2014 17:30:39 +1100

 The patches discussed in Nov, 2013 should be committed to ports to
 address the DOS, user impersonation or access restriction bypass
 vulnerabilities, as soon as testing is complete.  Please refer to:
 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018
 for details.

From: Francois ten Krooden <francoistk@gmail.com>
To: bug-followup@freebsd.org, strongswan@nanoteq.com
Cc: dewayne.geraghty@heuristicsystems.com.au, dycuo123@gmail.com
Subject: Re: ports/183688: [maintainer update] security/strongswan 5.0.4 -> 5.1.1
Date: Mon, 6 Jan 2014 16:16:53 +0200

 --001a1134495a8b043a04ef4dead8
 Content-Type: text/plain; charset=ISO-8859-1
 
 Hi
 
 The three vulnerabilities
 -https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
 -https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
 -https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018
 Is fixed in the v5.1.1 version
 
 I attached a slightly modified patch with the high avalability option
 removed, since this is not working correctly on FreeBSD and requires
 some specifics to the Linux implementation.
 
 The patch was fully tested on our test setup and passed all the same
 tests as the previous port.
 
 Just awaiting a commit to the ports tree.
 
 Kind Regards
 Francois ten Krooden
 
 --001a1134495a8b043a04ef4dead8
 Content-Type: text/plain; charset=US-ASCII; name="strongswan.diff.txt"
 Content-Disposition: attachment; filename="strongswan.diff.txt"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_hq3ta50r0
 
 SW5kZXg6IE1ha2VmaWxlCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIE1ha2VmaWxlCShyZXZpc2lvbiAzMzg4Nzcp
 CisrKyBNYWtlZmlsZQkod29ya2luZyBjb3B5KQpAQCAtMiw4ICsyLDcgQEAKICMgJEZyZWVCU0Qk
 CiAKIFBPUlROQU1FPQlzdHJvbmdzd2FuCi1QT1JUVkVSU0lPTj0JNS4wLjQKLVBPUlRSRVZJU0lP
 Tj0JMQorUE9SVFZFUlNJT049CTUuMS4xCiBDQVRFR09SSUVTPQlzZWN1cml0eQogTUFTVEVSX1NJ
 VEVTPQlodHRwOi8vZG93bmxvYWQuc3Ryb25nc3dhbi5vcmcvIFwKIAkJaHR0cDovL2Rvd25sb2Fk
 Mi5zdHJvbmdzd2FuLm9yZy8KQEAgLTM3LDYgKzM2LDcgQEAKIAkJLS1lbmFibGUtYmxvd2Zpc2gg
 XAogCQktLWVuYWJsZS1hZGRyYmxvY2sgXAogCQktLWVuYWJsZS13aGl0ZWxpc3QgXAorCQktLWVu
 YWJsZS1jbWQgXAogCQktLXdpdGgtZ3JvdXA9d2hlZWwgIFwKIAkJLS13aXRoLWxpYi1wcmVmaXg9
 JHtQUkVGSVh9CiAKQEAgLTQ0LDEzICs0NCwyMiBAQAogTUFONT0JaXBzZWMuY29uZi41IGlwc2Vj
 LnNlY3JldHMuNSBzdHJvbmdzd2FuLmNvbmYuNQogTUFOOD0JaXBzZWMuOCBfdXBkb3duLjggX3Vw
 ZG93bl9lc3BtYXJrLjgKIAotT1BUSU9OU19ERUZJTkU9CUNVUkwgRUFQQUtBM0dQUDIgRUFQU0lN
 RklMRSBJS0V2MSBMREFQIE1ZU1FMIFNRTElURQorT1BUSU9OU19ERUZJTkU9CSBDVVJMIEVBUEFL
 QTNHUFAyIEVBUERZTkFNSUMgRUFQUkFESVVTIEVBUFNJTUZJTEUgSUtFdjEKK09QVElPTlNfREVG
 SU5FKz0gSVBTRUNLRVkgS0VSTkVMTElCSVBTRUMgTE9BRFRFU1RFUiBMREFQIE1ZU1FMIFNRTElU
 RQorT1BUSU9OU19ERUZJTkUrPSBURVNUVkVDVE9SIFVOQk9VTkQgWEFVVEgKIENVUkxfREVTQz0J
 RW5hYmxlIENVUkwgdG8gZmV0Y2ggQ1JML09DU1AKIEVBUEFLQTNHUFAyX0RFU0M9CUVuYWJsZSBF
 QVAgQUtBIHdpdGggM2dwcDIgYmFja2VuZAorRUFQRFlOQU1JQ19ERVNDPQlFbmFibGUgRUFQIGR5
 bmFtaWMgcHJveHkgbW9kdWxlCitFQVBSQURJVVNfREVTQz0JCUVuYWJsZSBFQVAgUmFkaXVzIHBy
 b3h5IGF1dGhlbnRpY2F0aW9uCiBFQVBTSU1GSUxFX0RFU0M9CUVuYWJsZSBFQVAgU0lNIHdpdGgg
 ZmlsZSBiYWNrZW5kCi1JS0V2MV9ERVNDPQlFbmFibGUgSUtFdjEgc3VwcG9ydCAoRXhwZXJpbWVu
 dGFsKQorSUtFdjFfREVTQz0JRW5hYmxlIElLRXYxIHN1cHBvcnQKK0lQU0VDS0VZX0RFU0M9CUVu
 YWJsZSBhdXRoZW50aWNhdGlvbiB3aXRoIElQU0VDS0VZIHJlc291cmNlIHJlY29yZHMgd2l0aCBE
 TlNTRUMKK0tFUk5FTExJQklQU0VDX0RFU0M9ICAgRW5hYmxlIElQU2VjIHVzZXJsYW5kIGJhY2tl
 bmQKK0xPQURURVNURVJfREVTQz0JRW5hYmxlIGxvYWQgdGVzdGluZyBwbHVnaW4KK1RFU1RWRUNU
 T1JfREVTQz0JRW5hYmxlIGNyeXB0byB0ZXN0IHZlY3RvcnMKK1VOQk9VTkRfREVTQz0JRW5hYmxl
 IEROU1NFQy1lbmFibGVkIHJlc29sdmVyCitYQVVUSF9ERVNDPQlFbmFibGUgWEF1dGggcGFzc3dv
 cmQgdmVyaWZpY2F0aW9uCiAKLU5PX1NUQUdFPQl5ZXMKIC5pbmNsdWRlIDxic2QucG9ydC5vcHRp
 b25zLm1rPgogCiAjIEV4dHJhIG9wdGlvbnMKQEAgLTgzLDYgKzkyLDIyIEBACiBQTElTVF9TVUIr
 PVNJTUFLQT0iQGNvbW1lbnQgIgogLmVuZGlmCiAKKy5pZiAke1BPUlRfT1BUSU9OUzpNRUFQRFlO
 QU1JQ30KK0NPTkZJR1VSRV9BUkdTKz0gICAgICAgIC0tZW5hYmxlLWVhcC1keW5hbWljCitQTElT
 VF9TVUIrPSAgICAgRUFQRFlOQU1JQz0iIgorLmVsc2UKK1BMSVNUX1NVQis9ICAgICBFQVBEWU5B
 TUlDPSJAY29tbWVudCAiCisuZW5kaWYKKworLmlmICR7UE9SVF9PUFRJT05TOk1FQVBSQURJVVN9
 CitDT05GSUdVUkVfQVJHUys9ICAgICAgICAtLWVuYWJsZS1lYXAtcmFkaXVzCitQTElTVF9TVUIr
 PSAgICAgRUFQUkFESVVTPSIiCitQTElTVF9TVUIrPSAgICAgUkFESVVTPSIiCisuZWxzZQorUExJ
 U1RfU1VCKz0gICAgIEVBUFJBRElVUz0iQGNvbW1lbnQgIgorUExJU1RfU1VCKz0gICAgIFJBRElV
 Uz0iQGNvbW1lbnQgIgorLmVuZGlmCisKIC5pZiAke1BPUlRfT1BUSU9OUzpNSUtFdjF9CiBQTElT
 VF9TVUIrPQlJS0V2MT0iIgogLmVsc2UKQEAgLTkwLDYgKzExNSwxMyBAQAogUExJU1RfU1VCKz0J
 SUtFdjE9IkBjb21tZW50ICIKIC5lbmRpZgogCisuaWYgJHtQT1JUX09QVElPTlM6TUtFUk5FTExJ
 QklQU0VDfQorQ09ORklHVVJFX0FSR1MrPSAgICAgICAtLWVuYWJsZS1rZXJuZWwtbGliaXBzZWMK
 K1BMSVNUX1NVQis9ICAgIEtFUk5FTExJQklQU0VDPSIiCisuZWxzZQorUExJU1RfU1VCKz0gICAg
 S0VSTkVMTElCSVBTRUM9IkBjb21tZW50ICIKKy5lbmRpZgorCiAuaWYgJHtQT1JUX09QVElPTlM6
 TUxEQVB9CiBVU0VfT1BFTkxEQVA9CXllcwogQ09ORklHVVJFX0FSR1MrPQktLWVuYWJsZS1sZGFw
 CkBAIC05OCw2ICsxMzAsMjAgQEAKIFBMSVNUX1NVQis9CUxEQVA9IkBjb21tZW50ICIKIC5lbmRp
 ZgogCisuaWYgJHtQT1JUX09QVElPTlM6TUxPQURURVNURVJ9CitDT05GSUdVUkVfQVJHUys9ICAg
 ICAgICAtLWVuYWJsZS1sb2FkLXRlc3RlcgorUExJU1RfU1VCKz0gICAgIExPQURURVNURVI9IiIK
 Ky5lbHNlCitQTElTVF9TVUIrPSAgICAgTE9BRFRFU1RFUj0iQGNvbW1lbnQgIgorLmVuZGlmCisK
 Ky5pZiAke1BPUlRfT1BUSU9OUzpNSVBTRUNLRVl9CitDT05GSUdVUkVfQVJHUys9ICAgICAgICAt
 LWVuYWJsZS1pcHNlY2tleQorUExJU1RfU1VCKz0gICAgIElQU0VDS0VZPSIiCisuZWxzZQorUExJ
 U1RfU1VCKz0gICAgIElQU0VDS0VZPSJAY29tbWVudCAiCisuZW5kaWYKKwogLmlmICR7UE9SVF9P
 UFRJT05TOk1NWVNRTH0KIENPTkZJR1VSRV9BUkdTKz0JLS1lbmFibGUtbXlzcWwKIFVTRV9NWVNR
 TD0JeWVzCkBAIC0xMjEsMTEgKzE2NywzNiBAQAogUExJU1RfU1VCKz0JU1FMPSJAY29tbWVudCAi
 CiAuZW5kaWYKIAotLmluY2x1ZGUgPGJzZC5wb3J0LnByZS5taz4KKy5pZiAke1BPUlRfT1BUSU9O
 UzpNVU5CT1VORH0KK0NPTkZJR1VSRV9BUkdTKz0gICAgICAgIC0tZW5hYmxlLXVuYm91bmQKK0xJ
 Ql9ERVBFTkRTKz0gICB1bmJvdW5kOiR7UE9SVFNESVJ9L2Rucy91bmJvdW5kCitQTElTVF9TVUIr
 PSAgICAgVU5CT1VORD0iIgorLmVsc2UKK1BMSVNUX1NVQis9ICAgICBVTkJPVU5EPSJAY29tbWVu
 dCAiCisuZW5kaWYKIAorLmlmICR7UE9SVF9PUFRJT05TOk1URVNUVkVDVE9SfQorQ09ORklHVVJF
 X0FSR1MrPSAgICAgICAgLS1lbmFibGUtdGVzdC12ZWN0b3JzCitQTElTVF9TVUIrPSAgICAgVEVT
 VFZFQ1RPUj0iIgorLmVsc2UKK1BMSVNUX1NVQis9ICAgICBURVNUVkVDVE9SPSJAY29tbWVudCAi
 CisuZW5kaWYKKworLmlmICR7UE9SVF9PUFRJT05TOk1YQVVUSH0KK0NPTkZJR1VSRV9BUkdTKz0g
 ICAgICAgIC0tZW5hYmxlLXhhdXRoLWVhcCAtLWVuYWJsZS14YXV0aC1nZW5lcmljCitQTElTVF9T
 VUIrPSAgICAgWEFVVEg9IiIKKy5lbHNlCitQTElTVF9TVUIrPSAgICAgWEFVVEg9IkBjb21tZW50
 ICIKKy5lbmRpZgorCiAjIFJlcXVpcmVzIEZyZWVCU0QgOCBhbmQgYWJvdmUgdG8gd29yawogLmlm
 ICR7T1NWRVJTSU9OfSA8IDgwMDAwMAogSUdOT1JFPQkJcmVxdWlyZXMgYXQgbGVhc3QgRnJlZUJT
 RCA4LlgKIC5lbmRpZgogCi0uaW5jbHVkZSA8YnNkLnBvcnQucG9zdC5taz4KK3Bvc3QtaW5zdGFs
 bDoKKwkke01LRElSfSAke1NUQUdFRElSfSR7RVhBTVBMRVNESVJ9CisJJHtNVn0gJHtTVEFHRURJ
 Un0ke1BSRUZJWH0vZXRjL3N0cm9uZ3N3YW4uY29uZiAke1NUQUdFRElSfSR7RVhBTVBMRVNESVJ9
 CisJJHtNVn0gJHtTVEFHRURJUn0ke1BSRUZJWH0vZXRjL2lwc2VjLmNvbmYgJHtTVEFHRURJUn0k
 e0VYQU1QTEVTRElSfQorCisuaW5jbHVkZSA8YnNkLnBvcnQubWs+CkluZGV4OiBkaXN0aW5mbwo9
 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09Ci0tLSBkaXN0aW5mbwkocmV2aXNpb24gMzM4ODc3KQorKysgZGlzdGluZm8JKHdv
 cmtpbmcgY29weSkKQEAgLTEsMiArMSwyIEBACi1TSEEyNTYgKHN0cm9uZ3N3YW4tNS4wLjQudGFy
 LmJ6MikgPSAzZWM2NmQ2NDA0NmY2NTJhYjc1NTZiM2JlOGY5YmU4OTgxZmQzMmVmNGExMWUzZTQ2
 MWEwNGQ2NTg5MjhiZmUyCi1TSVpFIChzdHJvbmdzd2FuLTUuMC40LnRhci5iejIpID0gMzQxMjkz
 MAorU0hBMjU2IChzdHJvbmdzd2FuLTUuMS4xLnRhci5iejIpID0gZmJmMmE2NjgyMjFmYzRhMzZh
 MzRiZGVhYzJkZmVkYTI1Yjk2ZjU3MmQ1NTFkZjAyMjU4NTE3Nzk1MzYyMjQwNgorU0laRSAoc3Ry
 b25nc3dhbi01LjEuMS50YXIuYnoyKSA9IDM2NzMyMDAKSW5kZXg6IHBrZy1wbGlzdAo9PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09Ci0tLSBwa2ctcGxpc3QJKHJldmlzaW9uIDMzODg3NykKKysrIHBrZy1wbGlzdAkod29ya2lu
 ZyBjb3B5KQpAQCAtMSw1ICsxLDMgQEAKLWV0Yy9pcHNlYy5jb25mCi1ldGMvc3Ryb25nc3dhbi5j
 b25mCiBsaWIvaXBzZWMvbGliY2hhcm9uLmEKIGxpYi9pcHNlYy9saWJjaGFyb24ubGEKIGxpYi9p
 cHNlYy9saWJjaGFyb24uc28KQEAgLTk3LDEyICs5NSwxOCBAQAogbGliL2lwc2VjL3BsdWdpbnMv
 bGlic3Ryb25nc3dhbi1wa2NzOC5hCiBsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLXBr
 Y3M4LmxhCiBsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLXBrY3M4LnNvCitsaWIvaXBz
 ZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLXBrY3MxMi5hCitsaWIvaXBzZWMvcGx1Z2lucy9saWJz
 dHJvbmdzd2FuLXBrY3MxMi5sYQorbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1wa2Nz
 MTIuc28KIGxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tcHVia2V5LmEKIGxpYi9pcHNl
 Yy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tcHVia2V5LmxhCiBsaWIvaXBzZWMvcGx1Z2lucy9saWJz
 dHJvbmdzd2FuLXB1YmtleS5zbwogbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1yYW5k
 b20uYQogbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1yYW5kb20ubGEKIGxpYi9pcHNl
 Yy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tcmFuZG9tLnNvCitsaWIvaXBzZWMvcGx1Z2lucy9saWJz
 dHJvbmdzd2FuLXJjMi5hCitsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLXJjMi5sYQor
 bGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1yYzIuc28KIGxpYi9pcHNlYy9wbHVnaW5z
 L2xpYnN0cm9uZ3N3YW4tcmVzb2x2ZS5hCiBsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2Fu
 LXJlc29sdmUubGEKIGxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tcmVzb2x2ZS5zbwpA
 QCAtMTE4LDYgKzEyMiw5IEBACiBsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLXNvY2tl
 dC1kZWZhdWx0LmEKIGxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tc29ja2V0LWRlZmF1
 bHQubGEKIGxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tc29ja2V0LWRlZmF1bHQuc28K
 K2xpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tc3Noa2V5LmEKK2xpYi9pcHNlYy9wbHVn
 aW5zL2xpYnN0cm9uZ3N3YW4tc3Noa2V5LmxhCitsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdz
 d2FuLXNzaGtleS5zbwogbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1zdHJva2UuYQog
 bGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1zdHJva2UubGEKIGxpYi9pcHNlYy9wbHVn
 aW5zL2xpYnN0cm9uZ3N3YW4tc3Ryb2tlLnNvCkBAIC0xNDEsNiArMTQ4LDEzIEBACiBsaWJleGVj
 L2lwc2VjL3N0cm9rZQogbGliZXhlYy9pcHNlYy93aGl0ZWxpc3QKIHNiaW4vaXBzZWMKK3NiaW4v
 Y2hhcm9uLWNtZAorc2hhcmUvZXhhbXBsZXMvc3Ryb25nc3dhbi9pcHNlYy5jb25mCitzaGFyZS9l
 eGFtcGxlcy9zdHJvbmdzd2FuL3N0cm9uZ3N3YW4uY29uZgorJSVSQURJVVMlJWxpYi9pcHNlYy9s
 aWJyYWRpdXMuYQorJSVSQURJVVMlJWxpYi9pcHNlYy9saWJyYWRpdXMubGEKKyUlUkFESVVTJSVs
 aWIvaXBzZWMvbGlicmFkaXVzLnNvCislJVJBRElVUyUlbGliL2lwc2VjL2xpYnJhZGl1cy5zby4w
 CiAlJVNJTUFLQSUlbGliL2lwc2VjL2xpYnNpbWFrYS5hCiAlJVNJTUFLQSUlbGliL2lwc2VjL2xp
 YnNpbWFrYS5sYQogJSVTSU1BS0ElJWxpYi9pcHNlYy9saWJzaW1ha2Euc28KQEAgLTE1NCw2ICsx
 NjgsMTIgQEAKICUlRUFQQUtBM0dQUDIlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4t
 Z21wLmEKICUlRUFQQUtBM0dQUDIlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tZ21w
 LmxhCiAlJUVBUEFLQTNHUFAyJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLWdtcC5z
 bworJSVFQVBEWU5BTUlDJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLWVhcC1keW5h
 bWljLmEKKyUlRUFQRFlOQU1JQyUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1lYXAt
 ZHluYW1pYy5sYQorJSVFQVBEWU5BTUlDJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2Fu
 LWVhcC1keW5hbWljLnNvCislJUVBUFJBRElVUyUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25n
 c3dhbi1lYXAtcmFkaXVzLmEKKyUlRUFQUkFESVVTJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJv
 bmdzd2FuLWVhcC1yYWRpdXMubGEKKyUlRUFQUkFESVVTJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJz
 dHJvbmdzd2FuLWVhcC1yYWRpdXMuc28KICUlRUFQU0lNRklMRSUlbGliL2lwc2VjL3BsdWdpbnMv
 bGlic3Ryb25nc3dhbi1lYXAtc2ltLmEKICUlRUFQU0lNRklMRSUlbGliL2lwc2VjL3BsdWdpbnMv
 bGlic3Ryb25nc3dhbi1lYXAtc2ltLmxhCiAlJUVBUFNJTUZJTEUlJWxpYi9pcHNlYy9wbHVnaW5z
 L2xpYnN0cm9uZ3N3YW4tZWFwLXNpbS5zbwpAQCAtMTY2LDYgKzE4NiwyMCBAQAogJSVJS0V2MSUl
 bGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi14YXV0aC1nZW5lcmljLmEKICUlSUtFdjEl
 JWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4teGF1dGgtZ2VuZXJpYy5sYQogJSVJS0V2
 MSUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi14YXV0aC1nZW5lcmljLnNvCislJUlQ
 U0VDS0VZJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLWlwc2Vja2V5LmEKKyUlSVBT
 RUNLRVklJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4taXBzZWNrZXkubGEKKyUlSVBT
 RUNLRVklJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4taXBzZWNrZXkuc28KKyUlS0VS
 TkVMTElCSVBTRUMlJWxpYi9pcHNlYy9saWJpcHNlYy5hCislJUtFUk5FTExJQklQU0VDJSVsaWIv
 aXBzZWMvbGliaXBzZWMubGEKKyUlS0VSTkVMTElCSVBTRUMlJWxpYi9pcHNlYy9saWJpcHNlYy5z
 bworJSVLRVJORUxMSUJJUFNFQyUlbGliL2lwc2VjL2xpYmlwc2VjLnNvLjAKKyUlS0VSTkVMTElC
 SVBTRUMlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4ta2VybmVsLWxpYmlwc2VjLmEK
 KyUlS0VSTkVMTElCSVBTRUMlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4ta2VybmVs
 LWxpYmlwc2VjLmxhCislJUtFUk5FTExJQklQU0VDJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJv
 bmdzd2FuLWtlcm5lbC1saWJpcHNlYy5zbworJSVMT0FEVEVTVEVSJSVsaWIvaXBzZWMvcGx1Z2lu
 cy9saWJzdHJvbmdzd2FuLWxvYWQtdGVzdGVyLmEKKyUlTE9BRFRFU1RFUiUlbGliL2lwc2VjL3Bs
 dWdpbnMvbGlic3Ryb25nc3dhbi1sb2FkLXRlc3Rlci5sYQorJSVMT0FEVEVTVEVSJSVsaWIvaXBz
 ZWMvcGx1Z2lucy9saWJzdHJvbmdzd2FuLWxvYWQtdGVzdGVyLnNvCislJUxPQURURVNURVIlJWxp
 YmV4ZWMvaXBzZWMvbG9hZC10ZXN0ZXIKICUlTERBUCUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ry
 b25nc3dhbi1sZGFwLmEKICUlTERBUCUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi1s
 ZGFwLmxhCiAlJUxEQVAlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tbGRhcC5zbwpA
 QCAtMTgyLDYgKzIxNiwxNSBAQAogJSVTUUxJVEUlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9u
 Z3N3YW4tc3FsaXRlLmEKICUlU1FMSVRFJSVsaWIvaXBzZWMvcGx1Z2lucy9saWJzdHJvbmdzd2Fu
 LXNxbGl0ZS5sYQogJSVTUUxJVEUlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tc3Fs
 aXRlLnNvCislJVRFU1RWRUNUT1IlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4tdGVz
 dC12ZWN0b3JzLmEKKyUlVEVTVFZFQ1RPUiUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dh
 bi10ZXN0LXZlY3RvcnMubGEKKyUlVEVTVFZFQ1RPUiUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ry
 b25nc3dhbi10ZXN0LXZlY3RvcnMuc28KKyUlVU5CT1VORCUlbGliL2lwc2VjL3BsdWdpbnMvbGli
 c3Ryb25nc3dhbi11bmJvdW5kLmEKKyUlVU5CT1VORCUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ry
 b25nc3dhbi11bmJvdW5kLmxhCislJVVOQk9VTkQlJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9u
 Z3N3YW4tdW5ib3VuZC5zbworJSVYQVVUSCUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dh
 bi14YXV0aC1lYXAuYQorJSVYQVVUSCUlbGliL2lwc2VjL3BsdWdpbnMvbGlic3Ryb25nc3dhbi14
 YXV0aC1lYXAubGEKKyUlWEFVVEglJWxpYi9pcHNlYy9wbHVnaW5zL2xpYnN0cm9uZ3N3YW4teGF1
 dGgtZWFwLnNvCiBAZGlycm0gbGliZXhlYy9pcHNlYwogQGRpcnJtIGxpYi9pcHNlYy9wbHVnaW5z
 CiBAZGlycm0gbGliL2lwc2VjCg==
 --001a1134495a8b043a04ef4dead8--
State-Changed-From-To: open->closed 
State-Changed-By: decke 
State-Changed-When: Thu Jan 30 12:56:29 UTC 2014 
State-Changed-Why:  
Obsoleted by ports/185535 

http://www.freebsd.org/cgi/query-pr.cgi?pr=183688 
>Unformatted:
