From owner-svn-ports-all@FreeBSD.ORG  Wed Feb 12 12:06:55 2014
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F1BF74A7;
 Wed, 12 Feb 2014 12:06:54 +0000 (UTC)
Received: from mail-yh0-x232.google.com (mail-yh0-x232.google.com
 [IPv6:2607:f8b0:4002:c01::232])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 788C61A3B;
 Wed, 12 Feb 2014 12:06:54 +0000 (UTC)
Received: by mail-yh0-f50.google.com with SMTP id 29so8371378yhl.9
 for <multiple recipients>; Wed, 12 Feb 2014 04:06:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=sender:message-id:date:from:organization:user-agent:mime-version:to
 :subject:references:in-reply-to:content-type;
 bh=w8hdIfH/PKfq11qsYoOEVte8cqpLG6yYYj9fW9VtZgw=;
 b=det/MLxoKDe7gKtMQ0Dcuzj0rB6ulsHpdtsX1mJSOHruPSPrrpqcD75vM+uAhOIWam
 VhBCr75xzsuiGKKmuOyYPL411KDtycnR5jf6bdmESBBUedpa4IiwHyKUIs9rZO4H71mP
 b/u5WKD00OK2+/RtUg8VTUOcUwyfmMlaPSoKUvr8Q/9LG7YhPqdEmaYuxEhW2Hg2Ir5y
 KjJyYqUw9SjFZq4OZhwZJiKXxZvLrFao6de7zTiRCEZsbJlpNI55+fYfzp9I6Z3Fo1xf
 KJLh/pXPKCCM2ajN9UZGL4qIFKyMhSWqj27mv5sbqY5x29n/R5/xSAWQZ6aZlJ5k9FKd
 aqsQ==
X-Received: by 10.236.32.36 with SMTP id n24mr472178yha.116.1392206813587;
 Wed, 12 Feb 2014 04:06:53 -0800 (PST)
Received: from [192.168.11.100] ([189.111.56.217])
 by mx.google.com with ESMTPSA id n6sm36799369yha.20.2014.02.12.04.06.51
 for <multiple recipients>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 12 Feb 2014 04:06:52 -0800 (PST)
Sender: Renato Botelho <garga.bsd@gmail.com>
Message-ID: <52FB63D9.10701@FreeBSD.org>
Date: Wed, 12 Feb 2014 10:06:49 -0200
From: Renato Botelho <garga@FreeBSD.org>
Organization: The FreeBSD Project
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: Bernhard Froehlich <decke@FreeBSD.org>, ports-committers@freebsd.org, 
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r341405 - head/security/strongswan
References: <201401271335.s0RDZfTj022362@svn.freebsd.org>
In-Reply-To: <201401271335.s0RDZfTj022362@svn.freebsd.org>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs"
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2014 12:06:55 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 27-01-2014 11:35, Bernhard Froehlich wrote:
> Author: decke
> Date: Mon Jan 27 13:35:40 2014
> New Revision: 341405
> URL: http://svnweb.freebsd.org/changeset/ports/341405
> QAT: https://qat.redports.org/buildarchive/r341405/
>=20
> Log:
>   - Update to 5.1.1
>   - Added EAP dynamic proxy module
>   - Added EAP Radius proxy authentication
>   - Added DNSSEC/unbound support
>   - Added kernel libipsec plugin
>   - Changed configuration files to install to ${PREFIX}/etc/<filename>.=
conf.sample
>   - Convert to new options format
>  =20
>   PR:		ports/185535
>   Submitted by:	Francois ten Krooden <strongswan@nanoteq.com> (maintain=
er)
>   Security:	CVE-2013-5018
>   Security:	CVE-2013-6075
>   Security:	CVE-2013-6076
>=20
> Modified:
>   head/security/strongswan/Makefile
>   head/security/strongswan/distinfo
>   head/security/strongswan/pkg-plist
>=20
> Modified: head/security/strongswan/Makefile
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D
> --- head/security/strongswan/Makefile	Mon Jan 27 13:35:10 2014	(r341404=
)
> +++ head/security/strongswan/Makefile	Mon Jan 27 13:35:40 2014	(r341405=
)
> @@ -2,8 +2,7 @@
>  # $FreeBSD$
> =20
>  PORTNAME=3D	strongswan
> -PORTVERSION=3D	5.0.4
> -PORTREVISION=3D	1
> +PORTVERSION=3D	5.1.1
>  CATEGORIES=3D	security
>  MASTER_SITES=3D	http://download.strongswan.org/ \
>  		http://download2.strongswan.org/
> @@ -37,6 +36,7 @@ CONFIGURE_ARGS=3D	--enable-kernel-pfkey \
>  		--enable-blowfish \
>  		--enable-addrblock \
>  		--enable-whitelist \
> +		--enable-cmd \
>  		--with-group=3Dwheel  \
>  		--with-lib-prefix=3D${PREFIX}
> =20
> @@ -44,38 +44,47 @@ CONFIGURE_ARGS=3D	--enable-kernel-pfkey \
>  MAN5=3D	ipsec.conf.5 ipsec.secrets.5 strongswan.conf.5
>  MAN8=3D	ipsec.8 _updown.8 _updown_espmark.8
> =20
> -OPTIONS_DEFINE=3D	CURL EAPAKA3GPP2 EAPSIMFILE IKEv1 LDAP MYSQL SQLITE
> +OPTIONS_DEFINE=3D	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE IKE=
v1 \
> +		IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MYSQL SQLITE \
> +		TESTVECTOR UNBOUND XAUTH
> +OPTIONS_SUB=3D	${OPTIONS_DEFINE}
>  CURL_DESC=3D	Enable CURL to fetch CRL/OCSP
>  EAPAKA3GPP2_DESC=3D	Enable EAP AKA with 3gpp2 backend
> +EAPDYNAMIC_DESC=3D	Enable EAP dynamic proxy module
> +EAPRADIUS_DESC=3D		Enable EAP Radius proxy authentication
>  EAPSIMFILE_DESC=3D	Enable EAP SIM with file backend
> -IKEv1_DESC=3D	Enable IKEv1 support (Experimental)
> -
> -NO_STAGE=3D	yes
> -.include <bsd.port.options.mk>
> +IKEv1_DESC=3D	Enable IKEv1 support
> +IPSECKEY_DESC=3D	Enable authentication with IPSECKEY resource records =
with DNSSEC
> +KERNELLIBIPSEC_DESC=3D	Enable IPSec userland backend
> +LOADTESTER_DESC=3D	Enable load testing plugin
> +TESTVECTOR_DESC=3D	Enable crypto test vectors
> +UNBOUND_DESC=3D	Enable DNSSEC-enabled resolver
> +XAUTH_DESC=3D	Enable XAuth password verification
> =20
>  # Extra options
> -.if ${PORT_OPTIONS:MCURL}
> -CONFIGURE_ARGS+=3D	--enable-curl
> -LIB_DEPENDS+=3D	curl:${PORTSDIR}/ftp/curl
> -PLIST_SUB+=3D	CURL=3D""
> -.else
> -PLIST_SUB+=3D	CURL=3D"@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MEAPSIMFILE}
> -CONFIGURE_ARGS+=3D	--enable-eap-sim --enable-eap-sim-file
> -PLIST_SUB+=3D	EAPSIMFILE=3D""
> -.else
> -PLIST_SUB+=3D	EAPSIMFILE=3D"@comment "
> -.endif
> +CURL_CONFIGURE_ON=3D	--enable-curl
> +CURL_LIB_DEPENDS=3D	curl:${PORTSDIR}/ftp/curl
> +EAPAKA3GPP2_CONFIGURE_ON=3D	--enable-eap-aka --enable-eap-aka-3gpp2
> +EAPAKA3GPP2_LIB_DEPENDS=3Dgmp:${PORTSDIR}/math/gmp
> +EAPDYNAMIC_CONFIGURE_ON=3D--enable-eap-dynamic
> +EAPRADIUS_CONFIGURE_ON=3D	--enable-eap-radius
> +EAPSIMFILE_CONFIGURE_ON=3D--enable-eap-sim --enable-eap-sim-file
> +IKEv1_CONFIGURE_OFF=3D	--disable-ikev1
> +IPSECKEY_CONFIGURE_ON=3D	--enable-ipseckey
> +KERNELLIBIPSEC_CONFIGURE_ON=3D	--enable-kernel-libipsec
> +LOADTESTER_CONFIGURE_ON=3D--enable-load-tester
> +LDAP_CONFIGURE_ON=3D	--enable-ldap
> +LDAP_USE=3D		USE_OPENLDAP=3Dyes
> +MYSQL_CONFIGURE_ON=3D	--enable-mysql
> +MYSQL_USE=3D		USE_MYSQL=3Dyes
> +SQLITE_CONFIGURE_ON=3D	--enable-sqlite
> +SQLITE_LIB_DEPENDS=3D	sqlite3:${PORTSDIR}/databases/sqlite3
> +TESTVECTOR_CONFIGURE_ON=3D--enable-test-vectors
> +UNBOUND_CONFIGURE_ON=3D	--enable-unbound
> +UNBOUND_LIB_DEPENDS=3D	unbound:${PORTSDIR}/dns/unbound
> +XAUTH_CONFIGURE_ON=3D	--enable-xauth-eap --enable-xauth-generic
> =20
> -.if ${PORT_OPTIONS:MEAPAKA3GPP2}
> -CONFIGURE_ARGS+=3D	--enable-eap-aka --enable-eap-aka-3gpp2
> -LIB_DEPENDS+=3D	gmp:${PORTSDIR}/math/gmp
> -PLIST_SUB+=3D	EAPAKA3GPP2=3D""
> -.else
> -PLIST_SUB+=3D	EAPAKA3GPP2=3D"@comment "
> -.endif
> +.include <bsd.port.options.mk>
> =20
>  .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
>  PLIST_SUB+=3DSIMAKA=3D""
> @@ -83,37 +92,6 @@ PLIST_SUB+=3DSIMAKA=3D""
>  PLIST_SUB+=3DSIMAKA=3D"@comment "
>  .endif
> =20
> -.if ${PORT_OPTIONS:MIKEv1}
> -PLIST_SUB+=3D	IKEv1=3D""
> -.else
> -CONFIGURE_ARGS+=3D	--disable-ikev1
> -PLIST_SUB+=3D	IKEv1=3D"@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MLDAP}
> -USE_OPENLDAP=3D	yes
> -CONFIGURE_ARGS+=3D	--enable-ldap
> -PLIST_SUB+=3D	LDAP=3D""
> -.else
> -PLIST_SUB+=3D	LDAP=3D"@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MMYSQL}
> -CONFIGURE_ARGS+=3D	--enable-mysql
> -USE_MYSQL=3D	yes
> -PLIST_SUB+=3D	MYSQL=3D""
> -.else
> -PLIST_SUB+=3D	MYSQL=3D"@comment "
> -.endif
> -
> -.if ${PORT_OPTIONS:MSQLITE}
> -CONFIGURE_ARGS+=3D	--enable-sqlite
> -LIB_DEPENDS+=3D	sqlite3:${PORTSDIR}/databases/sqlite3
> -PLIST_SUB+=3D	SQLITE=3D""
> -.else
> -PLIST_SUB+=3D	SQLITE=3D"@comment "
> -.endif
> -
>  .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
>  CONFIGURE_ARGS+=3D	--enable-attr-sql --enable-sql
>  PLIST_SUB+=3D	SQL=3D""
> @@ -121,11 +99,9 @@ PLIST_SUB+=3D	SQL=3D""
>  PLIST_SUB+=3D	SQL=3D"@comment "
>  .endif
> =20
> -.include <bsd.port.pre.mk>
> -
> -# Requires FreeBSD 8 and above to work
> -.if ${OSVERSION} < 800000
> -IGNORE=3D		requires at least FreeBSD 8.X
> -.endif
> +post-install:
> +	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
> +	${MV} ${STAGEDIR}${PREFIX}/etc/strongswan.conf ${STAGEDIR}${EXAMPLESD=
IR}
> +	${MV} ${STAGEDIR}${PREFIX}/etc/ipsec.conf ${STAGEDIR}${EXAMPLESDIR}

Just one more thing that I noted, it would be better to use
${INSTALL_DATA} here instead of ${MV}

--=20
Renato Botelho <garga     @ FreeBSD.org>
               <garga.bsd @ gmail.com>
GnuPG Key: http://www.FreeBSD.org/~garga/pubkey.asc


--xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJS+2PZAAoJEPHw56GfYleQ2XMP/jcchBqldxxbZ65OL/CAIxdG
/PnoOf9+Vj0z38fc9CmTGqXxs2LmAVTw77HMcKJk/7mnAbFlfvyUViFp1d+Fpe15
cmJ8LpqEqPM4Pt/VTcvmKPJbEhzxIK0iwfyJmjaGvT2lI5DiBzNnY2BOVvwxWB/+
ti8Ax4JDUNE0cTVkk8ew06FvRttFtgS3KsPPmCmdt4oHt6Mr0Oy1riREFNSOjRe4
yNTI0E6yt4fhBHVanfMECJ4nU3YpbfgUYP/b1V+MTOB0vDI6pIibBFKUY1CGCGPS
IzlZwIvvgbkISMWOnrR880KAs+mYbTJ+QZVHVn0UKpZe73YDDwXrhemrZeow5zhb
yXEaIZcgiy2uxMXFn/dhJ9pU/pOswjp+ZzgdBVwacO/oEJr18ufttQzAKsnugJoc
QCpFqouhlKc6xB6MnGXmsDlMig+BWmj9vw8t5M/rFBiJIM0SZPggV06T9iNp5rIZ
o6/7krBVI2WSJWa3Tn+s+GEaSkHb6BxggqOC+O0eU3zw3JhJi8VQw7O51q43GVOI
VnWfW+HTt1ESyAsqGWot++W5LJ8Fqmz5Npj5uyeIdIKWILJYAQbhbeV+3QwFjkLf
Dk0EOdXYCRTp2c1lsGeX+Fuom08pB/pXZ1mFVzGoBm0+MIoP6+esEdTwEMQ/zRnd
wRRdXZnLUmUDJzGse1wE
=/czY
-----END PGP SIGNATURE-----

--xPofUBsWDd6cGf93Ib80GWAfuIah1kvPs--