| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Security & Bugfix Update to 5.9.4:
- Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
- While here change repos to https
- Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
- Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
PR: 259267
Approved by: strongswan@Nanoteq.com (maintainer)
MFH: 2021Q4
|
|
|
|
|
|
|
| |
Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.3
PR: 257564
Approved by: strongswan@Nanoteq.com (maintainer)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix default control-interface in rc.d script and also
make it user-selectable at build time, defaulting to VICI.
Also mention this change in pkg-message, as previously the
default was "stroke" and it was changed to "vici" with
only a short notice in UPDATING, that was not displayed
when using binary upgrades.
Committing a portfmt'd version.
PR: 255952
Approved by: strongswan@Nanoteq.com (maintainer)
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
default
Add UPDATING entry with migration instruction.
PR: 249865
Submitted by: driesm.michiels@gmail.com
Approved by: strongswan@nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=568683
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLog: https://wiki.strongswan.org/versions/80
While here, pet linters
PR: 254047
Submitted by: jlduran@gmail.com
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=567895
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://wiki.strongswan.org/versions/79
PR: 252202
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=559621
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Also link the tpm2-tss package for testing with the TPM plugin:
https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin
PR: 249470
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Relnotes: https://wiki.strongswan.org/versions/78
Notes:
svn path=/head/; revision=550035
|
|
|
|
|
|
|
|
|
|
|
| |
make test passes OK
PR: 246535
Submitted by: jlduran@gmail.com
Reviewed by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=536014
|
|
|
|
|
|
|
|
|
|
| |
PR: 245199
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=531624
|
|
|
|
|
|
|
|
| |
PR: 245087
Sponsored by: Netzkommune GmbH
Notes:
svn path=/head/; revision=529774
|
|
|
|
|
|
|
|
|
|
| |
PR: 243254
Submitted by: Dries Michiels <driesm.michiels@gmail.com>
Approved by: maintainer
Event: Brussels DevSummit 2020
Notes:
svn path=/head/; revision=524730
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the following discussion: https://reviews.freebsd.org/D20163
It makes sense to add ipsec as required module for the rc script
of strongSwan.
PR: 243316
Submitted by: Dries Michiels <driesm.michiels@gmail.com>
Approved by: maintainer
Notes:
svn path=/head/; revision=522689
|
|
|
|
|
|
|
|
|
|
| |
PR: 242687
Approved by: maintainer
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=521493
|
|
|
|
|
|
|
|
|
|
| |
PR: 240684
Approved by: strongswan@Nanoteq.com (maintainer)
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=513403
|
|
|
|
|
|
|
|
|
| |
PR: 240316
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=512739
|
|
|
|
|
|
|
|
|
|
| |
PR: 239458
Submitted by: Evgeny <mojolicious@yandex.com> (initial revision)
strongswan@Nanoteq.com (maintainer, brushed-up revision)
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=509483
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.
[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html
PR: 239395
Submitted by: myself
Approved by: portmgr (mat)
Differential Revision: https://reviews.freebsd.org/D21174
Notes:
svn path=/head/; revision=508887
|
|
|
|
|
|
|
|
|
|
| |
PR: 238173
Approved by: maintainer
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=502953
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The rc script is modified to allow both a legacy (ipsec.conf-based)
startup or a new (swanctl.conf-based) config. Default is the legacy.
The new setup is based on vici, the Versatile IKE Configuration Interface.
For more details, see:
https://wiki.strongswan.org/projects/strongswan/wiki/Vici
PR: 234648
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: Sam Chen <sc.gear@one.caeon.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Differential Revision: D19367
Notes:
svn path=/head/; revision=495117
|
|
|
|
|
|
|
|
|
| |
PR: 236218
Submitted by: Franco Fichtner <franco@opnsense.org>
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=495112
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Follow the same patching logic for swanctl.conf as the other config
files.
- Silence warning: $strongswan_enable not properly set.
PR: 235340
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=494736
|
|
|
|
|
|
|
|
|
| |
PR: 234882
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=490298
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR: 231862
Approved by: maintainer
Obtained from: pfSense
MFH: 2018Q4
Security: CVE-2018-16151 CVE-2018-16152
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=481111
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
_nice, _fib
Do not bump version since I'll commit the upgrade to 5.7.1 just after it
PR: 211108
Submitted by: Dmitry Wagin <dmitry.wagin@ya.ru>
Approved by: maintainer
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=481110
|
|
|
|
|
|
|
|
|
|
|
|
| |
- While here, silence portlint warning renaming option IKEv1 to IKEV1
PR: 231720
Approved by: maintainer
Obtained from: pfSense
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=480733
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
- Denial-of-Service Vulnerability in the IKEv2 key derivation
(CVE-2018-10811)
- Denial-of-Service Vulnerability in the stroke plugin
(CVE-2018-5388)
- Crash on FreeBSD that was present in 5.6.2
- The kernel-pfkey plugin optionally installs routes via internal
interface (one with an IP in the local traffic selector). On
FreeBSD, enabling this selects the correct source IP when sending
packets from the gateway itself.
PR: 228631
Submitted by: maintainer
Notes:
svn path=/head/; revision=471205
|
|
|
|
|
|
|
|
|
|
|
| |
While here, added LICENSE_FILE.
PR: 226404
Submitted by: strongswan@Nanoteq.com (maintainer)
Approved by: tcberner (mentor, implicit)
Notes:
svn path=/head/; revision=463768
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable CURL option by default [2]
PR: 226043 [1], 220488 [2]
Submitted by: strongswan@Nanoteq.com (maintainer) [1]
karl@denninger.net [2]
Approved by: maintainer [2]
MFH: 2018Q1
Security: CVE-2018-6459
Sponsored by: Rubicon Communications, LLC (Netgate)
Notes:
svn path=/head/; revision=463323
|
|
|
|
|
|
|
|
|
|
| |
PR: 220271
Submitted by: mat (review), Yasuhiro KIMURA (PR)
Sponsored by: Absolight
Differential Revision: https://reviews.freebsd.org/D11488
Notes:
svn path=/head/; revision=450351
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- the gmp plugin responsible for CVE-2017-11185 is not enabled
in the FreeBSD build
PR: 221716
Relnotes: https://wiki.strongswan.org/versions/66
Reported by: i.dani@outlook.com
Approved by: strongswan@nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=448590
|
|
|
|
|
|
|
|
|
| |
PR: 220823
Submitted by: strongswan@Nanoteq.com (maintainer)
Reported by: i.dani@outlook.com
Notes:
svn path=/head/; revision=446193
|
|
|
|
|
|
|
|
| |
Approved by: strongswan@nanoteq.com (maintainer)
Sponsored by: Orange
Notes:
svn path=/head/; revision=440527
|
|
|
|
|
|
|
|
|
| |
PR: 218430
Approved by: maintainer
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=438397
|
|
|
|
|
|
|
| |
PR: 217495
Notes:
svn path=/head/; revision=435306
|
|
|
|
|
|
|
|
|
|
| |
PR: 213844
Approved by: strongswan@Nanoteq.com (maintainer)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=426700
|
|
|
|
|
|
|
| |
Approved by: SSL blanket
Notes:
svn path=/head/; revision=421949
|
|
|
|
|
|
|
|
| |
PR: 211095
Submitted by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=418809
|
|
|
|
|
|
|
|
|
|
|
| |
- Add patch to include sys/endian.h header
PR: 208446
Submitted by: strongswan@Nanoteq.com (maintainer)
MFH: 2016Q2 (build fix blanket)
Notes:
svn path=/head/; revision=412481
|
|
|
|
|
|
|
|
| |
With hat: portmgr
Sponsored by: Absolight
Notes:
svn path=/head/; revision=412349
|
|
|
|
|
|
|
|
|
|
| |
PR: 208219
Approved by: swan@nanoteq.com (maintainer)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=411720
|
|
|
|
|
|
|
|
| |
PR: 207948
Submitted by: jaap@NLnetLabs.nl (maintainer)
Notes:
svn path=/head/; revision=411143
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enable PKI, SWANCTL, and VICI options (no external dependencies)
- Document IMPLIES dependency on VICI for SWANCTL; mention in SWANCTL_DESC
- Bump PORTREVISION
PR: 205438
Reported by: Nick B <nicblais@clkroot.net>
Submitted by: strongswan@Nanoteq.com (maintainer)
Notes:
svn path=/head/; revision=409026
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Bump PORTREVISIOn on dependent ports
Some Upgrade Notes:
This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.
Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the
qname minimisation, and that will both stop privacy sensitive traffic
and reduce nonsense traffic to authority servers. So consider
enabling both. In this implementation IPv6 reverse lookups add
several labels per increment, because otherwise those lookups would be
very slow. [ Reference
https://tools.ietf.org/html/draft-ietf-dnsop-qname-minimisation-08 ]
More details at <http://unbound.net>
PR: 206347
Submitted by: Jaap Akkerhuis <jaap@NLnetLabs.nl>
Approved by: maintainer timeout
Sponsored by: DK Hostmaster A/S
Notes:
svn path=/head/; revision=408047
|
|
|
|
|
|
|
| |
committed in r402880, as suggested by AMDmi3
Notes:
svn path=/head/; revision=402881
|
|
|
|
|
|
|
|
|
|
| |
since GCM is disabled by default
Submitted by: Jose Luis Duran
Obtained from: https://github.com/pfsense/FreeBSD-ports/pull/2
Notes:
svn path=/head/; revision=402880
|
|
|
|
|
|
|
|
|
|
| |
PR: 204959
Approved by: strongswan@Nanoteq.com (maintainer)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=402817
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR: 204597
Submitted by: strongswan@nanoteq.com (maintainer)
MFH: 2015Q4
Security: CVE 2015-8023
Security: https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=401762
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- dff2d05bb9 [1]: kernel-pfKey: Enable AES-CTR
- 04f22cdabc [2]: VICI: add NAT information
Bump PORTREVISION
[1] https://github.com/strongswan/strongswan/commit/dff2d05bb9bec684b3b2efdafc9a47219550bbe1
[2] https://github.com/strongswan/strongswan/commit/04f22cdabc1c97d38692f95392429839f0fa90d1
PR: 204398
Approved by: maintainer
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=401115
|