notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.

Get notified when packages are built

A new feature has been added. FreshPorts already tracks package built by the FreeBSD project. This information is displayed on each port page. You can now get an email when FreshPorts notices a new package is available for something on one of your watch lists. However, you must opt into that. Click on Report Subscriptions on the right, and New Package Notification box, and click on Update.

Finally, under Watch Lists, click on ABI Package Subscriptions to select your ABI (e.g. FreeBSD:14:amd64) & package set (latest/quarterly) combination for a given watch list. This is what FreshPorts will look for.

non port: security/strongswan/Makefile

Number of commits found: 93

Sunday, 25 Feb 2024
13:25 Muhammad Moinur Rahman (bofh) search for other commits by this committer
security/strongswan: Moved man to share/man

Approved by:    portmgr (blanket)
commit hash: 53f3494abb0349dbde3072fdfe5ac2378a59adf5 commit hash: 53f3494abb0349dbde3072fdfe5ac2378a59adf5 commit hash: 53f3494abb0349dbde3072fdfe5ac2378a59adf5 commit hash: 53f3494abb0349dbde3072fdfe5ac2378a59adf5 53f3494
Sunday, 10 Dec 2023
17:16 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Update to 5.9.13

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.13

PR:		275620
Reported by:	jlduran@gmail.com
MFH:		2023Q4 (security fix)
Security:	CVE-2023-41913
commit hash: 9d8accbe0c0d7c0db16ec9bbb50bded19db8271f commit hash: 9d8accbe0c0d7c0db16ec9bbb50bded19db8271f commit hash: 9d8accbe0c0d7c0db16ec9bbb50bded19db8271f commit hash: 9d8accbe0c0d7c0db16ec9bbb50bded19db8271f 9d8accb
Friday, 24 Nov 2023
08:03 Eugene Grosbein (eugen) search for other commits by this committer
security/strongswan: fix CVE-2023-41913

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
that is identical to the change made for strongswan-5.9.12:
https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e

It is upto port maintainer to review and maybe upgrade the port to 5.9.12

Obtained from:	strongSwan
Security:	CVE-2023-41913
commit hash: 4e2c0382dd6c024d5349318f9a18762b3814ef9a commit hash: 4e2c0382dd6c024d5349318f9a18762b3814ef9a commit hash: 4e2c0382dd6c024d5349318f9a18762b3814ef9a commit hash: 4e2c0382dd6c024d5349318f9a18762b3814ef9a 4e2c038
Wednesday, 30 Aug 2023
08:00 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Explicitly set sysconfdir

This allows for proper substitution in manual pages.

PR:		273138
Reported by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer timeout > 2 weeks)
commit hash: f7f38560ce695333898e7e13bbafd3313f4f2abc commit hash: f7f38560ce695333898e7e13bbafd3313f4f2abc commit hash: f7f38560ce695333898e7e13bbafd3313f4f2abc commit hash: f7f38560ce695333898e7e13bbafd3313f4f2abc f7f3856
Thursday, 3 Aug 2023
06:21 Fernando Apesteguía (fernape) search for other commits by this committer Author: Matteo Riondato
security/strongswan: Fix route installation

cherry-pick upstream commit a619356 to fix route installation on FreeBSD

PR:		272841
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: ab5ef1b273ca7d6c4120272e5a1d1ea837254a6c commit hash: ab5ef1b273ca7d6c4120272e5a1d1ea837254a6c commit hash: ab5ef1b273ca7d6c4120272e5a1d1ea837254a6c commit hash: ab5ef1b273ca7d6c4120272e5a1d1ea837254a6c ab5ef1b
Friday, 28 Jul 2023
12:33 Fernando Apesteguía (fernape) search for other commits by this committer Author: Matteo Riondato
security/strongswan: Update to 5.9.11

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.11

PR:		272739
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: 7409da5ebd62a981bd3110eed87fda91eacb41e9 commit hash: 7409da5ebd62a981bd3110eed87fda91eacb41e9 commit hash: 7409da5ebd62a981bd3110eed87fda91eacb41e9 commit hash: 7409da5ebd62a981bd3110eed87fda91eacb41e9 7409da5
Wednesday, 29 Mar 2023
12:47 Fernando Apesteguía (fernape) search for other commits by this committer
security/strongswan: Fix  TLS 1.2 in EAP-TLS plugin

Cherry pick commit from upstream.

PR:		270380
Reported by:	dronmbi@gtn.ru
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: e27bfba4d7fa645b5aad5ebfa66a46a108247814 commit hash: e27bfba4d7fa645b5aad5ebfa66a46a108247814 commit hash: e27bfba4d7fa645b5aad5ebfa66a46a108247814 commit hash: e27bfba4d7fa645b5aad5ebfa66a46a108247814 e27bfba
Sunday, 5 Mar 2023
15:38 Kurt Jaeger (pi) search for other commits by this committer
security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463

See also:
 
https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html

PR:		269976
Approved-by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.10
commit hash: 0cc82a4810632d46ea854e9225f0f99a87ac2347 commit hash: 0cc82a4810632d46ea854e9225f0f99a87ac2347 commit hash: 0cc82a4810632d46ea854e9225f0f99a87ac2347 commit hash: 0cc82a4810632d46ea854e9225f0f99a87ac2347 0cc82a4
Saturday, 4 Mar 2023
06:31 Eugene Grosbein (eugen) search for other commits by this committer
security/strongswan: fix CVE-2023-26463

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-26463/strongswan-5.9.8-5.9.9_tls_auth_bypass_exp_pointer.patch

It is upto port maintainer to review and maybe upgrade
the port to 5.9.10.

Obtained from:	strongSwan
Security:	CVE-2023-26463
commit hash: c703ad728b40f1b323b3b388745f03e2c279ccfb commit hash: c703ad728b40f1b323b3b388745f03e2c279ccfb commit hash: c703ad728b40f1b323b3b388745f03e2c279ccfb commit hash: c703ad728b40f1b323b3b388745f03e2c279ccfb c703ad7
Wednesday, 8 Feb 2023
10:53 Muhammad Moinur Rahman (bofh) search for other commits by this committer
Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233
commit hash: 6e1233be229212a0496f42d611bd40f3e3a628da commit hash: 6e1233be229212a0496f42d611bd40f3e3a628da commit hash: 6e1233be229212a0496f42d611bd40f3e3a628da commit hash: 6e1233be229212a0496f42d611bd40f3e3a628da 6e1233b
Sunday, 15 Jan 2023
18:14 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Remove --with-lib-prefix

Remove flag already in the default option.

PR:		268918
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer, implicit in PR)
commit hash: a06d57733894d0d68b45f5a7326aca568e4e80b0 commit hash: a06d57733894d0d68b45f5a7326aca568e4e80b0 commit hash: a06d57733894d0d68b45f5a7326aca568e4e80b0 commit hash: a06d57733894d0d68b45f5a7326aca568e4e80b0 a06d577
Saturday, 14 Jan 2023
17:13 Fernando Apesteguía (fernape) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Update to 5.9.9

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.9

PR:		268918 262743
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: 942865477682b3d274c73d78e6a5e9b5591268df commit hash: 942865477682b3d274c73d78e6a5e9b5591268df commit hash: 942865477682b3d274c73d78e6a5e9b5591268df commit hash: 942865477682b3d274c73d78e6a5e9b5591268df 9428654
Wednesday, 26 Oct 2022
14:35 Nuno Teixeira (eduardo) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Add GCM option to OPTIONS_DEFAULT

 Avoid the message:

 "plugin 'gcm': failed to load - gcm_plugin_create not found and no
 plugin file available"

 According to strongSwan's 5.9.8 release notes[1]:

 The gcm plugin has been enabled by default, so that the TLS 1.3 unit
 tests (now indirectly enabled if the pki tool is built due to the
 implementation of EST) can be completed successfully with just the
 default plugins.

 Let's also enable it by default.

 [1]: https://github.com/strongswan/strongswan/releases/tag/5.9.8

PR:		267352
commit hash: a0103c803b137d9cd95310bbfd315103d8e046b2 commit hash: a0103c803b137d9cd95310bbfd315103d8e046b2 commit hash: a0103c803b137d9cd95310bbfd315103d8e046b2 commit hash: a0103c803b137d9cd95310bbfd315103d8e046b2 a0103c8
Wednesday, 19 Oct 2022
16:45 Fernando Apesteguía (fernape) search for other commits by this committer Author: Franco Fichtner
security/strongswan: update to 5.9.8

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

Fixes CVE-2022-40617.

PR:		267037
Reported by:	franco@opnsense.org
Approved by:	strongswan@Nanoteq.com (maintainer, implicit)
MFH:		2022Q4	(security update)
Security:	CVE-2022-40617 DoS attack vulnerability
commit hash: a28166f3b1e22d446f76d5f71f27f082b0e7e19f commit hash: a28166f3b1e22d446f76d5f71f27f082b0e7e19f commit hash: a28166f3b1e22d446f76d5f71f27f082b0e7e19f commit hash: a28166f3b1e22d446f76d5f71f27f082b0e7e19f a28166f
Wednesday, 7 Sep 2022
21:10 Stefan Eßer (se) search for other commits by this committer
Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.

There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.

The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.

Approved by:		portmgr (tcberner)
commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 commit hash: b7f05445c00f2625aa19b4154ebcbce5ed2daa52 b7f0544
Thursday, 16 Jun 2022
14:41 Fernando Apesteguía (fernape) search for other commits by this committer Author: Francois ten Krooden
security/strongswan: Fix key derivation

An issue in the upstream port causes key derivation to fail in version 5.9.6.
A work around is to enable the KDF pluging by default.

PR:	264667
Reported by:	strongswan@Nanoteq.com (maintainer)
commit hash: 4e7ee356bbfdef75435f4fd3e395ebb806eb8790 commit hash: 4e7ee356bbfdef75435f4fd3e395ebb806eb8790 commit hash: 4e7ee356bbfdef75435f4fd3e395ebb806eb8790 commit hash: 4e7ee356bbfdef75435f4fd3e395ebb806eb8790 4e7ee35
Wednesday, 1 Jun 2022
22:03 Dries Michiels (driesm) search for other commits by this committer Author: Björn König
security/strongswan: add CTR plugin option

PR:		264354
Approved by:	Francois ten Krooden (maintainer)
commit hash: b3a2477de75eeaac86240462bd3d76abef0c2c2c commit hash: b3a2477de75eeaac86240462bd3d76abef0c2c2c commit hash: b3a2477de75eeaac86240462bd3d76abef0c2c2c commit hash: b3a2477de75eeaac86240462bd3d76abef0c2c2c b3a2477
Monday, 9 May 2022
22:28 Dries Michiels (driesm) search for other commits by this committer Author: Dani I
security/strongswan: Update to 5.9.6

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.6

PR:		263748
Approved by:	Francois ten Krooden (maintainer)
commit hash: b591672ecc5b85f42c3f9ebaed2d7acb0120ca9d commit hash: b591672ecc5b85f42c3f9ebaed2d7acb0120ca9d commit hash: b591672ecc5b85f42c3f9ebaed2d7acb0120ca9d commit hash: b591672ecc5b85f42c3f9ebaed2d7acb0120ca9d b591672
Wednesday, 26 Jan 2022
18:38 Dries Michiels (driesm) search for other commits by this committer Author: Michael Glaus
security/strongswan: Update to 5.9.5

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.5
PR:		261462
Approved by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
MFH:		2022Q1
Security:	CVE-2021-45079
commit hash: f64253580072d6239948fd1dbb7bf171f4ef0ce3 commit hash: f64253580072d6239948fd1dbb7bf171f4ef0ce3 commit hash: f64253580072d6239948fd1dbb7bf171f4ef0ce3 commit hash: f64253580072d6239948fd1dbb7bf171f4ef0ce3 f642535
Wednesday, 20 Oct 2021
07:19 Li-Wen Hsu (lwhsu) search for other commits by this committer Author: Dani
security/strongswan: Update to 5.9.4

Security & Bugfix Update to 5.9.4:
- Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
- While here change repos to https
- Fix CVE-2021-41990:
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
- Fix CVE-2021-41991:
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

PR:		259267
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2021Q4
commit hash: eead2ddf757a4e9f50eedd1680f3b62e6a16aaef commit hash: eead2ddf757a4e9f50eedd1680f3b62e6a16aaef commit hash: eead2ddf757a4e9f50eedd1680f3b62e6a16aaef commit hash: eead2ddf757a4e9f50eedd1680f3b62e6a16aaef eead2dd
Tuesday, 3 Aug 2021
06:38 Guangyuan Yang (ygy) search for other commits by this committer Author: Jose Luis Duran
security/strongswan: Update to 5.9.3

Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.3

PR:		257564
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: 4a836720c73ef48f1afd3ba7d1abe960ea2c61ef commit hash: 4a836720c73ef48f1afd3ba7d1abe960ea2c61ef commit hash: 4a836720c73ef48f1afd3ba7d1abe960ea2c61ef commit hash: 4a836720c73ef48f1afd3ba7d1abe960ea2c61ef 4a83672
Wednesday, 19 May 2021
11:23 Juraj Lutter (otis) search for other commits by this committer Author: Sergey Akhmatov
security/strongswan: Fix default control-interface

Fix default control-interface in rc.d script and also
make it user-selectable at build time, defaulting to VICI.

Also mention this change in pkg-message, as previously the
default was "stroke" and it was changed to "vici" with
only a short notice in UPDATING, that was not displayed
when using binary upgrades.

Committing a portfmt'd version.

PR:		255952
Approved by:	strongswan@Nanoteq.com (maintainer)
commit hash: 0ca8849103d5838079aa6433722e5c335dcc955d commit hash: 0ca8849103d5838079aa6433722e5c335dcc955d commit hash: 0ca8849103d5838079aa6433722e5c335dcc955d commit hash: 0ca8849103d5838079aa6433722e5c335dcc955d 0ca8849
Tuesday, 6 Apr 2021
14:31 Mathieu Arnold (mat) search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb commit hash: 305f148f482daf30dcf728039d03d019f88344eb 305f148
Wednesday, 17 Mar 2021
19:12 amdmi3 search for other commits by this committer
security/strongswan: use "vici" interface instead of deprecated "stroke" by
default

Add UPDATING entry with migration instruction.

PR:		249865
Submitted by:	driesm.michiels@gmail.com
Approved by:	strongswan@nanoteq.com (maintainer)
Original commitRevision:568683 
Tuesday, 9 Mar 2021
06:45 fernape search for other commits by this committer
security/strongswan: Update to 5.9.2

ChangeLog: https://wiki.strongswan.org/versions/80

While here, pet linters

PR:	254047
Submitted by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:567895 
Tuesday, 29 Dec 2020
22:24 jrm search for other commits by this committer
security/strongswan: Update to version 5.9.1

Changelog: https://wiki.strongswan.org/versions/79

PR:		252202
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@nanoteq.com (maintainer)
Original commitRevision:559621 
Friday, 25 Sep 2020
14:05 pi search for other commits by this committer
security/strongswan: update 5.8.4 -> 5.9.0

- Also link the tpm2-tss package for testing with the TPM plugin:
  https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

PR:		249470
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Relnotes:	https://wiki.strongswan.org/versions/78
Original commitRevision:550035 
Wednesday, 20 May 2020
18:50 fernape search for other commits by this committer
security/strongswan: Add TEST_TARGET

make test passes OK

PR:	246535
Submitted by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:536014 
Monday, 13 Apr 2020
18:02 garga search for other commits by this committer
security/strongswan: Update to 5.8.4

PR:		245199
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:531624 
Sunday, 29 Mar 2020
06:26 joneum search for other commits by this committer
Update to 5.8.3

PR:		245087
Sponsored by:	Netzkommune GmbH
Original commitRevision:529774 
Friday, 31 Jan 2020
16:39 0mp search for other commits by this committer
security/strongswan: Add PYTHON plugin option for a VICI protocol plugin

PR:		243254
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer
Event:		Brussels DevSummit 2020
Original commitRevision:524730 
Saturday, 11 Jan 2020
15:38 meta search for other commits by this committer
security/strongswan: load ipsec kernel module by rc script

From the following discussion: https://reviews.freebsd.org/D20163
It makes sense to add ipsec as required module for the rc script
of strongSwan.

PR:		243316
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer
Original commitRevision:522689 
Monday, 30 Dec 2019
14:49 garga search for other commits by this committer
security/strongswan: Update to 5.8.2

PR:		242687
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:521493 
Monday, 30 Sep 2019
17:06 garga search for other commits by this committer
Add a new option to enable PKCS11 plugin

PR:		240684
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:513403 
Tuesday, 24 Sep 2019
18:03 swills search for other commits by this committer
security/strongswan: update to 5.8.1

PR:		240316
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:512739 
Wednesday, 21 Aug 2019
01:59 meta search for other commits by this committer
security/strongswan: Add support for the VIA Padlock plugin

PR:		239458
Submitted by:	Evgeny <mojolicious@yandex.com> (initial revision)
		strongswan@Nanoteq.com (maintainer, brushed-up revision)
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:509483 
Wednesday, 14 Aug 2019
03:26 meta search for other commits by this committer
Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174
Original commitRevision:508887 
Wednesday, 29 May 2019
12:12 garga search for other commits by this committer
security/strongswan: Update to 5.8.0

PR:		238173
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:502953 
Saturday, 9 Mar 2019
10:37 pi search for other commits by this committer
security/strongswan: add vici-based configuration for the rc script

The rc script is modified to allow both a legacy (ipsec.conf-based)
startup or a new (swanctl.conf-based) config. Default is the legacy.

The new setup is based on vici, the Versatile IKE Configuration Interface.

For more details, see:

https://wiki.strongswan.org/projects/strongswan/wiki/Vici

PR:		234648
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Reviewed by:	Sam Chen <sc.gear@one.caeon.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Differential Revision:	D19367
Original commitRevision:495117 
09:49 pi search for other commits by this committer
security/strongswan: add PAM to XAUTH

PR:		236218
Submitted by:	Franco Fichtner <franco@opnsense.org>
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:495112 
Tuesday, 5 Mar 2019
20:14 swills search for other commits by this committer
security/strongswan: Minor port improvements

- Follow the same patching logic for swanctl.conf as the other config
  files.
- Silence warning: $strongswan_enable not properly set.

PR:		235340
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:494736 
Monday, 14 Jan 2019
16:00 swills search for other commits by this committer
security/strongswan: update to version 5.7.2

PR:		234882
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:490298 
Tuesday, 2 Oct 2018
11:00 garga search for other commits by this committer
security/strongswan: Update to 5.7.1

PR:		231862
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2018Q4
Security:	CVE-2018-16151 CVE-2018-16152
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:481111 
Wednesday, 26 Sep 2018
13:03 garga search for other commits by this committer
- Update security/strongswan to 5.7.0
- While here, silence portlint warning renaming option IKEv1 to IKEV1

PR:		231720
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:480733 
Thursday, 31 May 2018
12:39 krion search for other commits by this committer
Update to 5.6.3

Fixes:
 - Denial-of-Service Vulnerability in the IKEv2 key derivation
   (CVE-2018-10811)
 - Denial-of-Service Vulnerability in the stroke plugin
   (CVE-2018-5388)
 - Crash on FreeBSD that was present in 5.6.2
 - The kernel-pfkey plugin optionally installs routes via internal
   interface (one with an IP in the local traffic selector). On
   FreeBSD, enabling this selects the correct source IP when sending
   packets from the gateway itself.

PR:		228631
Submitted by:	maintainer
Original commitRevision:471205 
Tuesday, 6 Mar 2018
21:56 yuri search for other commits by this committer
security/strongswan: Fix crash in public key authentication with 5.6.2

While here, added LICENSE_FILE.

PR:		226404
Submitted by:	strongswan@Nanoteq.com (maintainer)
Approved by:	tcberner (mentor, implicit)
Original commitRevision:463768 
Thursday, 1 Mar 2018
13:53 garga search for other commits by this committer
- Update security/strongswan to 5.6.2 [1]
- Enable CURL option by default [2]

PR:		226043 [1], 220488 [2]
Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
		karl@denninger.net [2]
Approved by:	maintainer [2]
MFH:		2018Q1
Security:	CVE-2018-6459
Sponsored by:	Rubicon Communications, LLC (Netgate)
Original commitRevision:463323 
Friday, 22 Sep 2017
10:48 mat search for other commits by this committer
Remove USES=execinfo.

PR:		220271
Submitted by:	mat (review), Yasuhiro KIMURA (PR)
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D11488
Original commitRevision:450351 
Wednesday, 23 Aug 2017
06:10 pi search for other commits by this committer
security/strongswan: update 5.5.3 -> 5.6.0

- the gmp plugin responsible for CVE-2017-11185 is not enabled
  in the FreeBSD build

PR:		221716
Relnotes:	https://wiki.strongswan.org/versions/66
Reported by:	i.dani@outlook.com
Approved by:	strongswan@nanoteq.com (maintainer)
Original commitRevision:448590 
Wednesday, 19 Jul 2017
10:29 olivier search for other commits by this committer
Update strongswan to 5.5.3

PR:		220823
Submitted by:	strongswan@Nanoteq.com (maintainer)
Reported by:	i.dani@outlook.com
Original commitRevision:446193 
Wednesday, 10 May 2017
06:12 olivier search for other commits by this committer
Add option for enabling mediation feature (like STUN for IPSec peers)

Approved by:	strongswan@nanoteq.com (maintainer)
Sponsored by:	Orange
Original commitRevision:440527 
Wednesday, 12 Apr 2017
17:25 garga search for other commits by this committer
Update security/strongswan to 5.5.2

PR:		218430
Approved by:	maintainer
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:438397 
Friday, 3 Mar 2017
04:12 miwi search for other commits by this committer
- Chase ldns shlip bump

PR:		217495
Original commitRevision:435306 
Monday, 21 Nov 2016
10:43 garga search for other commits by this committer
Update security/strongswan to 5.5.1

PR:		213844
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:426700 
Tuesday, 19 Jul 2016
16:38 garga search for other commits by this committer
Update security/strongswan to 5.5.0

PR:		211095
Submitted by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:418809 
Friday, 1 Apr 2016
14:25 mat search for other commits by this committer
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight
Original commitRevision:412349 
Wednesday, 23 Mar 2016
16:21 garga search for other commits by this committer
Update security/strongswan to 5.4.0

PR:		208219
Approved by:	swan@nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:411720 
Tuesday, 15 Mar 2016
06:21 ohauer search for other commits by this committer
- bump PORTREVISION on ports depending on unbound

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)
Original commitRevision:411143 
Wednesday, 17 Feb 2016
02:34 junovitch search for other commits by this committer
security/strongswan: enable options to increase usefulness of default pkg

- Enable PKI, SWANCTL, and VICI options (no external dependencies)
- Document IMPLIES dependency on VICI for SWANCTL; mention in SWANCTL_DESC
- Bump PORTREVISION

PR:		205438
Reported by:	Nick B <nicblais@clkroot.net>
Submitted by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:409026 
Thursday, 4 Feb 2016
15:58 erwin search for other commits by this committer
- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]

More details at <http://unbound.net>

PR:		206347
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by:	maintainer timeout
Sponsored by:	DK Hostmaster A/S
Original commitRevision:408047 
Thursday, 3 Dec 2015
16:34 garga search for other commits by this committer
Bump PORTREVISION to help users with custom OPTIONS to get the fix
committed in r402880, as suggested by AMDmi3
Original commitRevision:402881 
Wednesday, 2 Dec 2015
10:58 garga search for other commits by this committer
Update security/strongswan to 5.3.5

PR:		204959
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:402817 
Monday, 16 Nov 2015
14:08 garga search for other commits by this committer
Update security/strongswan to 5.3.4

PR:		204597
Submitted by:	strongswan@nanoteq.com (maintainer)
MFH:		2015Q4
Security:	CVE 2015-8023
Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:401762 
Monday, 9 Nov 2015
16:56 garga search for other commits by this committer
Backport a couple of commits from master, that will be present in 5.3.4:

- dff2d05bb9 [1]: kernel-pfKey: Enable AES-CTR
- 04f22cdabc [2]: VICI: add NAT information

Bump PORTREVISION

[1]
https://github.com/strongswan/strongswan/commit/dff2d05bb9bec684b3b2efdafc9a47219550bbe1
[2]
https://github.com/strongswan/strongswan/commit/04f22cdabc1c97d38692f95392429839f0fa90d1

PR:		204398
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:401115 
Thursday, 29 Oct 2015
12:42 garga search for other commits by this committer
- Add a new option, SWANCTL, to install swanctll utility
- When VICI option is selected, install libvici.h to include directory,
  it's useful when you need to build a custom code linked to libvici
- Pass path to USE_LDCONFIG otherwise libraries will not be visible

PR:		204098
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:400455 
Wednesday, 28 Oct 2015
14:27 garga search for other commits by this committer
- Add a new option (VICI) to build VICI management protocol
- Change SMP option description to show users it's deprecated

PR:		204090
Approved by:	maintainer
Original commitRevision:400393 
Tuesday, 27 Oct 2015
13:27 garga search for other commits by this committer
strongSwan can be beuit using 3 different printf hooks: builtin, glibc
(compatible with FreeBSD's libc) and vstr (devel/vstr). Since it's not
selected any of them on CONFIGURE_ARGS, it uses auto, and end up using
glibc.

pfSense users reported memory leaks on strongSwan [2] [3] and a it was
reported to upstream [1].

Add a single option and let user choose which printf hook to use, and
change default to use builtin. Bump PORTREVISION due to default change

[1] https://wiki.strongswan.org/issues/1106
[2] https://forum.pfsense.org/index.php?topic=96767.0
[3] https://redmine.pfsense.org/issues/5149

PR:		204051
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2015Q4
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:400233 
Monday, 21 Sep 2015
11:02 garga search for other commits by this committer
Update security/strongswan to 5.3.3

PR:		203178
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)
Original commitRevision:397485 
Tuesday, 9 Jun 2015
09:51 garga search for other commits by this committer
Update to 5.3.2

PR:		200721
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2015Q2
Security:	CVE-2015-3991
Sponsored by:	Netgate
Original commitRevision:388905 
Friday, 24 Apr 2015
10:57 garga search for other commits by this committer
Fix PLIST when EAPAKA3GPP2 is unset and EAPDYNAMIC is set

PR:		199652
Approved by:	stronswan@Nanoteq.com (maintainer)
Sponsored by:	Netgate
Original commitRevision:384631 
Wednesday, 22 Apr 2015
22:53 amdmi3 search for other commits by this committer
- Add CPE info

Approved by:	portmgr blanket
Original commitRevision:384528 
Thursday, 16 Apr 2015
12:55 feld search for other commits by this committer
Add patches to fix Strongswan Management Protocol

SMP is an XML control interface for Strongswan used by pfSense and
Opnsense. SMP has been deprecated by upstream since 5.2.0 in favor of a
newer IPC mechanism called VICI. As a result upstream is not motivated
to take patches for SMP, and this uses non-portable strlcpy anyway.

The code has not been deleted from the project and if we can bludgeon it
into a working state I see no harm.

PR:		199442
Original commitRevision:384108 
Wednesday, 1 Apr 2015
10:28 garga search for other commits by this committer
- Update to 5.3.0
- Add a new option UNITY, to enable Cisco unity extension plugin

PR:		199064
Approved by:	maintainer
Sponsored by:	Netgate
Original commitRevision:382902 
Wednesday, 25 Feb 2015
10:03 garga search for other commits by this committer
- Add GCM and SMP options
- Add pkgconfig to the list of dependencies
- Enable IKEv1 OPTION by default
- Bump PORTREVISION

PR:		197824
Submitted by:	Franco Fichtner <franco@lastsummer.de> (based on)
Reworked by:	strongswan@Nanoteq.com (maintainer)
Approved by:	strongswan@Nanoteq.com (maintainer)
Original commitRevision:379892 
Friday, 9 Jan 2015
17:15 garga search for other commits by this committer
- Update to 5.2.2
- Add LICENSE

PR:		196615
Approved by:	strongswan@Nanoteq.com (maintainer)
Security:	CVE-2014-9221
Original commitRevision:376625 
Sunday, 14 Dec 2014
21:43 pawel search for other commits by this committer
- Update to version 5.2.1 [1]
- Convert to USES=execinfo
- Fix LDAP, MYSQL options

PR:		195580 [1]
Submitted by:	maintainer [1]
Original commitRevision:374724 
Friday, 22 Aug 2014
09:06 amdmi3 search for other commits by this committer
- Switch dns/unbound to USES=libtool, drop .la files
- Bump dependent ports as .so version has changed
- While here, add LICENSE_FILE to dns/getdns

Approved by:	portmgr blanket
Original commitRevision:365620 
Tuesday, 19 Aug 2014
13:40 marino search for other commits by this committer
security/strongswan: Upgrade version 5.1.3 => 5.2.0

While here, including missing library files and use install-strip
target.  Maintainer added a crash fix patch while reviewing.

PR:		192366
Submitted by:	dewayne (heruristicssystems.com.au)
Approved by:	maintainer (strongswan nanoteq.com)
Original commitRevision:365377 
Thursday, 24 Jul 2014
18:34 tijl search for other commits by this committer
net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

databases/libgdamm:
- Drop :keepla
- USES=tar:bzip2
- Use INSTALL_TARGET=install-strip

databases/libgdamm5:
- Add INSTALL_TARGET=install-strip
- Drop --enable-static (inherited from old repocopy)

devel/anjuta x11-toolkits/py-gnome-extras:
- Drop :keepla

dns/powerdns dns/powerdns-devel:
- Convert to USES=libtool
- Add INSTALL_TARGET=install-strip
- Disable static modules
- Stop creating library symlinks with .0 suffix, not needed for dynamically
  opened modules

mail/dovecot2:
- Add USES=libtool

mail/dovecot2-pigeonhole:
- Drop CONFIGURE_TARGET (incorrect for Dragonfly)
- Add USES=libtool and INSTALL_TARGET=install-strip

math/gnumeric:
- USES=libtool tar:xz

Approved by:	portmgr (implicit, bump unstaged ports)
Original commitRevision:362835 
Friday, 27 Jun 2014
17:21 miwi search for other commits by this committer
- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)
Original commitRevision:359586 
Thursday, 15 May 2014
12:47 pi search for other commits by this committer
security/strongswan: update 5.1.1 -> 5.1.3 with security update

- Update strongSwan port to 5.1.3 to resolve CVE 2014-2338
- Fixed rcvar issue with FreeBSD 10 (ports/186865)
- Added building of additional tools included in strongswan (ports/186867)
- libtool fix
- pkg-plist updated

PR:             ports/189132, ports/186865, ports/186867
Submitted by:   Robert Sevat, Dewayne Geraghty, Francois ten Krooden
(maintainer)
Approved by:    jadawin (mentor)
Original commitRevision:354114 
Friday, 14 Feb 2014
14:37 decke search for other commits by this committer
- Use OPTIONS_SUB=yes
- Prefer ${INSTALL_DATA} over ${MV}
- Whitespace fix

Thanks to:	garga@
Original commitRevision:344214 
Sunday, 9 Feb 2014
18:15 antoine search for other commits by this committer
- Remove MANx, man pages are already moved to plist
- Use new LIB_DEPENDS syntax
Original commitRevision:343534 
Friday, 7 Feb 2014
14:55 decke search for other commits by this committer
- Add missing manpages

PR:		ports/186264
Submitted by:	HASHI Hiroaki <hashiz@meridiani.jp>
Approved by:	strongswan <strongswan@Nanoteq.com> (maintainer)
Original commitRevision:343254 
Monday, 27 Jan 2014
13:35 decke search for other commits by this committer
- Update to 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Added kernel libipsec plugin
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
- Convert to new options format

PR:		ports/185535
Submitted by:	Francois ten Krooden <strongswan@nanoteq.com> (maintainer)
Security:	CVE-2013-5018
Security:	CVE-2013-6075
Security:	CVE-2013-6076
Original commitRevision:341405 
Friday, 20 Sep 2013
22:55 bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
Original commitRevision:327769 
Thursday, 11 Jul 2013
16:26 sunpoet search for other commits by this committer
- Update to 7.31.0
- Bump PORTREVISION for ftp/curl shlib change
- Add TEST_DEPENDS
- Convert to new options framework
- Adjust options:
  - Add COOKIES
  - Add CYASSL, NSS, POLARSSL, THREADED_RESOLVER, TLS_SRP [1]
  - Add GSSAPI and SPNEGO [2]
  - Remove KERBEROS4
  - Rename LIBIDN to IDN
  - Remove TRACKMEMORY [1]
- Sort option handler
- Add SLAVEDIRS: ftp/curl-hiphop
- Cosmetic change
- Cleanup Makefile header
- While I'm here, fix typo (PORTREVSION) in x11-wm/ede/Makefile

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi
Original commitRevision:322783 
Friday, 3 May 2013
18:16 ohauer search for other commits by this committer
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jankins vuxml entry

while I'm here remove .sh from rc script

PR:		ports/178266
Submitted by:	David Shane Holden <dpejesh@yahoo.com>
Approved by:	strongswan@nanoteq.com (maintainer)
Original commitRevision:317229 
Monday, 7 Jan 2013
12:11 tota search for other commits by this committer
- Update to 5.0.1
- Change maintainer address
- Trim Makefile header
- Convert to new options framework
- Cleanup

PR:		ports/173860 (based on)
Submitted by:	Riaan Kruger (maintainer)
Original commitRevision:310039 
Thursday, 22 Sep 2011
21:37 flo search for other commits by this committer
update to 4.5.3

PR:             ports/160401
Submitted by:   Riaan Kruger <riaank@gmail.com> maintainer
Original commit
Friday, 29 Apr 2011
12:24 culot search for other commits by this committer
- Update to 4.5.1 [1]
- Pet portlint(1) (change spaces into tabs and reformat IGNORE message)

PR:             ports/156711 [1]
Submitted by:   Riaan Kruger <riaank@gmail.com> (maintainer)
Original commit
Saturday, 4 Dec 2010
07:34 ade search for other commits by this committer
Sync to new bsd.autotools.mk
Original commit
Thursday, 26 Aug 2010
13:40 pav search for other commits by this committer
Strongswan is an open source IPsec-based VPN solution.
Strongswan for FreeBSD supports IKEv2 but NOT IKEv1.

WWW: http://www.strongswan.org

PR:             ports/147431
Submitted by:   Riaan Kruger <riaank@gmail.com>
Original commit

Number of commits found: 93