/devel/re2/

xmlns='http://www.w3.org/1999/xhtml'> 
- enable options ADMINPORT and WCPSKEY by default;
- polish NATT_DESC a bit as we have releases past 11.0-STABLE;
- bump PORTREVISION.
security/ipsec-tools: add support for multiple if_ipsec(4) interfaces 2018-08-10T10:03:30+00:00 eugen eugen@FreeBSD.org 2018-08-10T10:03:30+00:00 61d8eb7910d3f5787cd8466b6cb1d452baa53b31 - added patch introducing racoon compatibility with multiple if_ipsec(4) interfaces (*); - MAINTAINER reset due to nearly 3 years maintainer inactivity; - bump PORTREVISION. Submitted by: ae (*) Approved by: vanhu (implicitly) 
- added patch introducing racoon compatibility with multiple
  if_ipsec(4) interfaces (*);
- MAINTAINER reset due to nearly 3 years maintainer inactivity;
- bump PORTREVISION.

Submitted by:	ae (*)
Approved by:	vanhu (implicitly)
Fix phase 1 initiation in the racoon daemon after base system change r285204 2018-04-29T10:00:01+00:00 eugen eugen@FreeBSD.org 2018-04-29T10:00:01+00:00 1ebe7ff988d410e3f789d29d089ed23af93a9df8 PR: 192774, 222065 Submitted by: Andreas Longwitz <longwitz@incore.de> Approved by: VANHULLEBUS Yvan (maintainer, implicitly) 
PR:		192774, 222065
Submitted by:	Andreas Longwitz <longwitz@incore.de>
Approved by:	VANHULLEBUS Yvan (maintainer, implicitly)
security/ipsec-tools: fix CVE-2016-10396 2018-04-14T12:07:58+00:00 eugen eugen@FreeBSD.org 2018-04-14T12:07:58+00:00 3998a35ab14dc343da3d58b64645e9402df38d58 The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. The fix obtained from NetBSD CVS head with a command: cvs diff -D 2017-01-24 -D 2017-09-01 \ src/racoon/handler.h \ src/racoon/isakmp.c \ src/racoon/isakmp_frag.c \ src/racoon/isakmp_inf.c While here, add LICENSE. PR: 225066 Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months) Obtained from: NetBSD MFH: 2018Q1 Security: CVE-2016-10396 
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.

The fix obtained from NetBSD CVS head with a command:

cvs diff -D 2017-01-24 -D 2017-09-01 \
	src/racoon/handler.h \
	src/racoon/isakmp.c \
	src/racoon/isakmp_frag.c \
	src/racoon/isakmp_inf.c

While here, add LICENSE.

PR:		225066
Approved by:	VANHULLEBUS Yvan (maintainer timeout, 3 months)
Obtained from:	NetBSD
MFH:		2018Q1
Security:	CVE-2016-10396
This patch adds NATT_EXTRA_PATCHES=natt.diff and enables only UDP encapsulation defined in RFC3948. 2017-04-18T14:36:08+00:00 eugen eugen@FreeBSD.org 2017-04-18T14:36:08+00:00 5991e2bd00128ba21badd69ed6bb1e5c988494d6 The natt.diff patch contains the following changes: * added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages; * used NAT address instead of original for SAs created by racoon; * NAT-T keep-alives now sends only by NATed host. Tested with 11.0-STABLE after projects/ipsec merge. PR: 217131 Submitted by: Andrey V. Elsukov Approved by: VANHULLEBUS Yvan (maintainer timeout, 2 months), vsevolod (mentor) 
The natt.diff patch contains the following changes:
* added support for SADB_X_EXT_NAT_T_OAI and SADB_X_EXT_NAT_T_OAR PF_KEY messages;
* used NAT address instead of original for SAs created by racoon;
* NAT-T keep-alives now sends only by NATed host.

Tested with 11.0-STABLE after projects/ipsec merge.

PR:		217131
Submitted by:	Andrey V. Elsukov
Approved by:	VANHULLEBUS Yvan (maintainer timeout, 2 months), vsevolod (mentor)
Remove all USE_OPENSSL occurrences. 2017-03-15T14:45:30+00:00 mat mat@FreeBSD.org 2017-03-15T14:45:30+00:00 6995bd7d8fbe7cdb0e5fc7a2f82217a473513738 Sponsored by: Absolight 
Sponsored by:	Absolight
${RM} already has -f. 2016-10-21T12:51:40+00:00 mat mat@FreeBSD.org 2016-10-21T12:51:40+00:00 316cf6317eb621c4567d3b8e337fa9ba3097ea56 PR: 213570 Submitted by: mat Exp-run by: antoine Sponsored by: Absolight 
PR:		213570
Submitted by:	mat
Exp-run by:	antoine
Sponsored by:	Absolight