security/strongswan: Moved man to share/man

Approved by:    portmgr (blanket)

security/strongswan: Update to 5.9.13

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.13

PR:		275620
Reported by:	jlduran@gmail.com
MFH:		2023Q4 (security fix)
Security:	CVE-2023-41913

security/strongswan: fix CVE-2023-41913

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
that is identical to the change made for strongswan-5.9.12:
https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e

It is upto port maintainer to review and maybe upgrade the port to 5.9.12

Obtained from:	strongSwan
Security:	CVE-2023-41913

security/strongswan: Explicitly set sysconfdir

This allows for proper substitution in manual pages.

PR:		273138
Reported by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer timeout > 2 weeks)

security/strongswan: Fix route installation

cherry-pick upstream commit a619356 to fix route installation on FreeBSD

PR:		272841
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Update to 5.9.11

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.11

PR:		272739
Reported by:	matteo@FreeBSD.org
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Fix  TLS 1.2 in EAP-TLS plugin

Cherry pick commit from upstream.

PR:		270380
Reported by:	dronmbi@gtn.ru
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: upgrade 5.9.9 -> 5.9.10 to fix CVE-2023-26463

See also:
 
https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html

PR:		269976
Approved-by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.10

security/strongswan: fix CVE-2023-26463

This is urgent change adding official patch
https://download.strongswan.org/security/CVE-2023-26463/strongswan-5.9.8-5.9.9_tls_auth_bypass_exp_pointer.patch

It is upto port maintainer to review and maybe upgrade
the port to 5.9.10.

Obtained from:	strongSwan
Security:	CVE-2023-26463

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

security/strongswan: Remove --with-lib-prefix

Remove flag already in the default option.

PR:		268918
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer, implicit in PR)

security/strongswan: Update to 5.9.9

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.9

PR:		268918 262743
Reported by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Add GCM option to OPTIONS_DEFAULT

 Avoid the message:

 "plugin 'gcm': failed to load - gcm_plugin_create not found and no
 plugin file available"

 According to strongSwan's 5.9.8 release notes[1]:

 The gcm plugin has been enabled by default, so that the TLS 1.3 unit
 tests (now indirectly enabled if the pki tool is built due to the
 implementation of EST) can be completed successfully with just the
 default plugins.

 Let's also enable it by default.

 [1]: https://github.com/strongswan/strongswan/releases/tag/5.9.8

PR:		267352

security/strongswan: update to 5.9.8

ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

Fixes CVE-2022-40617.

PR:		267037
Reported by:	franco@opnsense.org
Approved by:	strongswan@Nanoteq.com (maintainer, implicit)
MFH:		2022Q4	(security update)
Security:	CVE-2022-40617 DoS attack vulnerability

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

security/strongswan: Fix key derivation

An issue in the upstream port causes key derivation to fail in version 5.9.6.
A work around is to enable the KDF pluging by default.

PR:	264667
Reported by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: add CTR plugin option

PR:		264354
Approved by:	Francois ten Krooden (maintainer)

security/strongswan: Update to 5.9.6

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.6

PR:		263748
Approved by:	Francois ten Krooden (maintainer)

security/strongswan: Update to 5.9.5

Changes:	https://github.com/strongswan/strongswan/releases/tag/5.9.5
PR:		261462
Approved by:	Francois ten Krooden <strongswan@Nanoteq.com> (maintainer)
MFH:		2022Q1
Security:	CVE-2021-45079

security/strongswan: Update to 5.9.4

Security & Bugfix Update to 5.9.4:
- Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
- While here change repos to https
- Fix CVE-2021-41990:
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
- Fix CVE-2021-41991:
https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

PR:		259267
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2021Q4

security/strongswan: Update to 5.9.3

Changelog:	https://github.com/strongswan/strongswan/releases/tag/5.9.3

PR:		257564
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Fix default control-interface

Fix default control-interface in rc.d script and also
make it user-selectable at build time, defaulting to VICI.

Also mention this change in pkg-message, as previously the
default was "stroke" and it was changed to "vici" with
only a short notice in UPDATING, that was not displayed
when using binary upgrades.

Committing a portfmt'd version.

PR:		255952
Approved by:	strongswan@Nanoteq.com (maintainer)

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

security/strongswan: use "vici" interface instead of deprecated "stroke" by
default

Add UPDATING entry with migration instruction.

PR:		249865
Submitted by:	driesm.michiels@gmail.com
Approved by:	strongswan@nanoteq.com (maintainer)

security/strongswan: Update to 5.9.2

ChangeLog: https://wiki.strongswan.org/versions/80

While here, pet linters

PR:	254047
Submitted by:	jlduran@gmail.com
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Update to version 5.9.1

Changelog: https://wiki.strongswan.org/versions/79

PR:		252202
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@nanoteq.com (maintainer)

security/strongswan: update 5.8.4 -> 5.9.0

- Also link the tpm2-tss package for testing with the TPM plugin:
  https://wiki.strongswan.org/projects/strongswan/wiki/TpmPlugin

PR:		249470
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Relnotes:	https://wiki.strongswan.org/versions/78

security/strongswan: Add TEST_TARGET

make test passes OK

PR:	246535
Submitted by:	jlduran@gmail.com
Reviewed by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Update to 5.8.4

PR:		245199
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update to 5.8.3

PR:		245087
Sponsored by:	Netzkommune GmbH

security/strongswan: Add PYTHON plugin option for a VICI protocol plugin

PR:		243254
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer
Event:		Brussels DevSummit 2020

security/strongswan: load ipsec kernel module by rc script

From the following discussion: https://reviews.freebsd.org/D20163
It makes sense to add ipsec as required module for the rc script
of strongSwan.

PR:		243316
Submitted by:	Dries Michiels <driesm.michiels@gmail.com>
Approved by:	maintainer

security/strongswan: Update to 5.8.2

PR:		242687
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

Add a new option to enable PKCS11 plugin

PR:		240684
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/strongswan: update to 5.8.1

PR:		240316
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Add support for the VIA Padlock plugin

PR:		239458
Submitted by:	Evgeny <mojolicious@yandex.com> (initial revision)
		strongswan@Nanoteq.com (maintainer, brushed-up revision)
Approved by:	strongswan@Nanoteq.com (maintainer)

Implement new virtual category: net-vpn for VPN related ports

based on discussion at ports@ [1]. As VPN softwares are put in different
physical category net and security. This is a little bit confusing. Let's
give them new virtual category net-vpn.

[1] https://lists.freebsd.org/pipermail/freebsd-ports/2019-April/115915.html

PR:		239395
Submitted by:	myself
Approved by:	portmgr (mat)
Differential Revision:	https://reviews.freebsd.org/D21174

security/strongswan: Update to 5.8.0

PR:		238173
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/strongswan: add vici-based configuration for the rc script

The rc script is modified to allow both a legacy (ipsec.conf-based)
startup or a new (swanctl.conf-based) config. Default is the legacy.

The new setup is based on vici, the Versatile IKE Configuration Interface.

For more details, see:

https://wiki.strongswan.org/projects/strongswan/wiki/Vici

PR:		234648
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Reviewed by:	Sam Chen <sc.gear@one.caeon.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Differential Revision:	D19367

security/strongswan: add PAM to XAUTH

PR:		236218
Submitted by:	Franco Fichtner <franco@opnsense.org>
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Minor port improvements

- Follow the same patching logic for swanctl.conf as the other config
  files.
- Silence warning: $strongswan_enable not properly set.

PR:		235340
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: update to version 5.7.2

PR:		234882
Submitted by:	Jose Luis Duran <jlduran@gmail.com>
Approved by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: Update to 5.7.1

PR:		231862
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2018Q4
Security:	CVE-2018-16151 CVE-2018-16152
Sponsored by:	Rubicon Communications, LLC (Netgate)

security/strongswan: Fix rc startup script to support rc.conf settings like
_nice, _fib

Do not bump version since I'll commit the upgrade to 5.7.1 just after it

PR:		211108
Submitted by:	Dmitry Wagin <dmitry.wagin@ya.ru>
Approved by:	maintainer
Sponsored by:	Rubicon Communications, LLC (Netgate)

- Update security/strongswan to 5.7.0
- While here, silence portlint warning renaming option IKEv1 to IKEV1

PR:		231720
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications, LLC (Netgate)

Update to 5.6.3

Fixes:
 - Denial-of-Service Vulnerability in the IKEv2 key derivation
   (CVE-2018-10811)
 - Denial-of-Service Vulnerability in the stroke plugin
   (CVE-2018-5388)
 - Crash on FreeBSD that was present in 5.6.2
 - The kernel-pfkey plugin optionally installs routes via internal
   interface (one with an IP in the local traffic selector). On
   FreeBSD, enabling this selects the correct source IP when sending
   packets from the gateway itself.

PR:		228631
Submitted by:	maintainer

security/strongswan: Fix crash in public key authentication with 5.6.2

While here, added LICENSE_FILE.

PR:		226404
Submitted by:	strongswan@Nanoteq.com (maintainer)
Approved by:	tcberner (mentor, implicit)

- Update security/strongswan to 5.6.2 [1]
- Enable CURL option by default [2]

PR:		226043 [1], 220488 [2]
Submitted by:	strongswan@Nanoteq.com (maintainer) [1]
		karl@denninger.net [2]
Approved by:	maintainer [2]
MFH:		2018Q1
Security:	CVE-2018-6459
Sponsored by:	Rubicon Communications, LLC (Netgate)

Remove USES=execinfo.

PR:		220271
Submitted by:	mat (review), Yasuhiro KIMURA (PR)
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D11488

security/strongswan: update 5.5.3 -> 5.6.0

- the gmp plugin responsible for CVE-2017-11185 is not enabled
  in the FreeBSD build

PR:		221716
Relnotes:	https://wiki.strongswan.org/versions/66
Reported by:	i.dani@outlook.com
Approved by:	strongswan@nanoteq.com (maintainer)

Update strongswan to 5.5.3

PR:		220823
Submitted by:	strongswan@Nanoteq.com (maintainer)
Reported by:	i.dani@outlook.com

Add option for enabling mediation feature (like STUN for IPSec peers)

Approved by:	strongswan@nanoteq.com (maintainer)
Sponsored by:	Orange

Update security/strongswan to 5.5.2

PR:		218430
Approved by:	maintainer
Sponsored by:	Rubicon Communications (Netgate)

- Chase ldns shlip bump

PR:		217495

Update security/strongswan to 5.5.1

PR:		213844
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

security/strongswan: Fix build with LibreSSL

Approved by:	SSL blanket

Update security/strongswan to 5.5.0

PR:		211095
Submitted by:	strongswan@Nanoteq.com (maintainer)

security/strongswan: unbreak FreeBSD 9 builds

- Add patch to include sys/endian.h header

PR:		208446
Submitted by:	strongswan@Nanoteq.com (maintainer)
MFH:		2016Q2 (build fix blanket)

Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.

With hat:	portmgr
Sponsored by:	Absolight

Update security/strongswan to 5.4.0

PR:		208219
Approved by:	swan@nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

- bump PORTREVISION on ports depending on unbound

PR:		207948
Submitted by:	jaap@NLnetLabs.nl (maintainer)

security/strongswan: enable options to increase usefulness of default pkg

- Enable PKI, SWANCTL, and VICI options (no external dependencies)
- Document IMPLIES dependency on VICI for SWANCTL; mention in SWANCTL_DESC
- Bump PORTREVISION

PR:		205438
Reported by:	Nick B <nicblais@clkroot.net>
Submitted by:	strongswan@Nanoteq.com (maintainer)

- Update unbound to 1.5.7
- Bump PORTREVISIOn on dependent ports

Some Upgrade Notes:

This release fixes a validation failure for nodata with wildcards and
emptynonterminals. Fixes OpenSSL Library compability. Fixes correct
response for malformed EDNS queries. For crypto in libunbound there is
libnettle support.

Qname minimisation is implemented. Use qname-minimisation: yes to
enable it. This version sends the full query name when an error is
found for intermediate names. It should therefore not fail for names
on nonconformant servers. It combines well with
harden-below-nxdomain: yes because those nxdomains are probed by the

Bump PORTREVISION to help users with custom OPTIONS to get the fix
committed in r402880, as suggested by AMDmi3

Add @sample to gcm.conf missed when I introduced it. No bump on PORTREVISION
since GCM is disabled by default

Submitted by:	Jose Luis Duran
Obtained from:	https://github.com/pfsense/FreeBSD-ports/pull/2

Update security/strongswan to 5.3.5

PR:		204959
Approved by:	strongswan@Nanoteq.com (maintainer)
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

Update security/strongswan to 5.3.4

PR:		204597
Submitted by:	strongswan@nanoteq.com (maintainer)
MFH:		2015Q4
Security:	CVE 2015-8023
Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
Sponsored by:	Rubicon Communications (Netgate)

Backport a couple of commits from master, that will be present in 5.3.4:

- dff2d05bb9 [1]: kernel-pfKey: Enable AES-CTR
- 04f22cdabc [2]: VICI: add NAT information

Bump PORTREVISION

[1]
https://github.com/strongswan/strongswan/commit/dff2d05bb9bec684b3b2efdafc9a47219550bbe1
[2]
https://github.com/strongswan/strongswan/commit/04f22cdabc1c97d38692f95392429839f0fa90d1

PR:		204398
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

- Add a new option, SWANCTL, to install swanctll utility
- When VICI option is selected, install libvici.h to include directory,
  it's useful when you need to build a custom code linked to libvici
- Pass path to USE_LDCONFIG otherwise libraries will not be visible

PR:		204098
Approved by:	maintainer
Obtained from:	pfSense
Sponsored by:	Rubicon Communications (Netgate)

- Add a new option (VICI) to build VICI management protocol
- Change SMP option description to show users it's deprecated

PR:		204090
Approved by:	maintainer

strongSwan can be beuit using 3 different printf hooks: builtin, glibc
(compatible with FreeBSD's libc) and vstr (devel/vstr). Since it's not
selected any of them on CONFIGURE_ARGS, it uses auto, and end up using
glibc.

pfSense users reported memory leaks on strongSwan [2] [3] and a it was
reported to upstream [1].

Add a single option and let user choose which printf hook to use, and
change default to use builtin. Bump PORTREVISION due to default change

[1] https://wiki.strongswan.org/issues/1106
[2] https://forum.pfsense.org/index.php?topic=96767.0
[3] https://redmine.pfsense.org/issues/5149

PR:		204051
Approved by:	maintainer
Obtained from:	pfSense
MFH:		2015Q4
Sponsored by:	Rubicon Communications (Netgate)

Fix pkg-descr, Strongswan supports IKEv1 since version 5.0.0

Spotted by:	Jim Thompson <jim@netgate.com>
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)

Update security/strongswan to 5.3.3

PR:		203178
Approved by:	strongswan@Nanoteq.com (maintainer)
Sponsored by:	Rubicon Communications (Netgate)

Update to 5.3.2

PR:		200721
Approved by:	strongswan@Nanoteq.com (maintainer)
MFH:		2015Q2
Security:	CVE-2015-3991
Sponsored by:	Netgate

Fix PLIST when EAPAKA3GPP2 is unset and EAPDYNAMIC is set

PR:		199652
Approved by:	stronswan@Nanoteq.com (maintainer)
Sponsored by:	Netgate

- Add CPE info

Approved by:	portmgr blanket

Add patches to fix Strongswan Management Protocol

SMP is an XML control interface for Strongswan used by pfSense and
Opnsense. SMP has been deprecated by upstream since 5.2.0 in favor of a
newer IPC mechanism called VICI. As a result upstream is not motivated
to take patches for SMP, and this uses non-portable strlcpy anyway.

The code has not been deleted from the project and if we can bludgeon it
into a working state I see no harm.

PR:		199442

- Update to 5.3.0
- Add a new option UNITY, to enable Cisco unity extension plugin

PR:		199064
Approved by:	maintainer
Sponsored by:	Netgate

- Add GCM and SMP options
- Add pkgconfig to the list of dependencies
- Enable IKEv1 OPTION by default
- Bump PORTREVISION

PR:		197824
Submitted by:	Franco Fichtner <franco@lastsummer.de> (based on)
Reworked by:	strongswan@Nanoteq.com (maintainer)
Approved by:	strongswan@Nanoteq.com (maintainer)

- Update to 5.2.2
- Add LICENSE

PR:		196615
Approved by:	strongswan@Nanoteq.com (maintainer)
Security:	CVE-2014-9221

- Update to version 5.2.1 [1]
- Convert to USES=execinfo
- Fix LDAP, MYSQL options

PR:		195580 [1]
Submitted by:	maintainer [1]

Remove useless %D

Notified by:	antoine

Simplify plist

- Switch dns/unbound to USES=libtool, drop .la files
- Bump dependent ports as .so version has changed
- While here, add LICENSE_FILE to dns/getdns

Approved by:	portmgr blanket

security/strongswan: Upgrade version 5.1.3 => 5.2.0

While here, including missing library files and use install-strip
target.  Maintainer added a crash fix patch while reviewing.

PR:		192366
Submitted by:	dewayne (heruristicssystems.com.au)
Approved by:	maintainer (strongswan nanoteq.com)

net/openldap24-*:
- Convert to USES=libtool and bump dependent ports
- Avoid USE_AUTOTOOLS
- Don't use PTHREAD_LIBS
- Use MAKE_CMD

databases/glom:
- Drop :keepla
- Add INSTALL_TARGET=install-strip

databases/libgda4* databases/libgda5*:
- Convert to USES=libtool and bump dependent ports
- USES=tar:xz
- Use INSTALL_TARGET=install-strip
- Use @sample

- Chase database/sqlite3 slib bump

Approved by:	portmgr (myself)

security/strongswan: update 5.1.1 -> 5.1.3 with security update

- Update strongSwan port to 5.1.3 to resolve CVE 2014-2338
- Fixed rcvar issue with FreeBSD 10 (ports/186865)
- Added building of additional tools included in strongswan (ports/186867)
- libtool fix
- pkg-plist updated

PR:             ports/189132, ports/186865, ports/186867
Submitted by:   Robert Sevat, Dewayne Geraghty, Francois ten Krooden
(maintainer)
Approved by:    jadawin (mentor)

- Use OPTIONS_SUB=yes
- Prefer ${INSTALL_DATA} over ${MV}
- Whitespace fix

Thanks to:	garga@

- Remove MANx, man pages are already moved to plist
- Use new LIB_DEPENDS syntax

- Add missing manpages

PR:		ports/186264
Submitted by:	HASHI Hiroaki <hashiz@meridiani.jp>
Approved by:	strongswan <strongswan@Nanoteq.com> (maintainer)

- Update to 5.1.1
- Added EAP dynamic proxy module
- Added EAP Radius proxy authentication
- Added DNSSEC/unbound support
- Added kernel libipsec plugin
- Changed configuration files to install to ${PREFIX}/etc/<filename>.conf.sample
- Convert to new options format

PR:		ports/185535
Submitted by:	Francois ten Krooden <strongswan@nanoteq.com> (maintainer)
Security:	CVE-2013-5018
Security:	CVE-2013-6075
Security:	CVE-2013-6076

Add NO_STAGE all over the place in preparation for the staging support (cat:
security)

- Update to 7.31.0
- Bump PORTREVISION for ftp/curl shlib change
- Add TEST_DEPENDS
- Convert to new options framework
- Adjust options:
  - Add COOKIES
  - Add CYASSL, NSS, POLARSSL, THREADED_RESOLVER, TLS_SRP [1]
  - Add GSSAPI and SPNEGO [2]
  - Remove KERBEROS4
  - Rename LIBIDN to IDN
  - Remove TRACKMEMORY [1]
- Sort option handler
- Add SLAVEDIRS: ftp/curl-hiphop
- Cosmetic change
- Cleanup Makefile header
- While I'm here, fix typo (PORTREVSION) in x11-wm/ede/Makefile

Changes:	http://curl.haxx.se/changes.html
PR:		ports/172325 (-exp run), ports/177369 (based on) [1]
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> [1], hrs (via email) [2]
Exp run by:	miwi

- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jankins vuxml entry

while I'm here remove .sh from rc script

PR:		ports/178266
Submitted by:	David Shane Holden <dpejesh@yahoo.com>
Approved by:	strongswan@nanoteq.com (maintainer)

- Update to 5.0.1
- Change maintainer address
- Trim Makefile header
- Convert to new options framework
- Cleanup

PR:		ports/173860 (based on)
Submitted by:	Riaan Kruger (maintainer)

In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.

update to 4.5.3

PR:             ports/160401
Submitted by:   Riaan Kruger <riaank@gmail.com> maintainer