MFH: r471205

Update to 5.6.3

Fixes:
 - Denial-of-Service Vulnerability in the IKEv2 key derivation
   (CVE-2018-10811)
 - Denial-of-Service Vulnerability in the stroke plugin
   (CVE-2018-5388)
 - Crash on FreeBSD that was present in 5.6.2
 - The kernel-pfkey plugin optionally installs routes via internal
   interface (one with an IP in the local traffic selector). On
   FreeBSD, enabling this selects the correct source IP when sending
   packets from the gateway itself.

PR:		228631
Submitted by:	maintainer

Approved by:	ports-secteam

security/strongswan/Makefile

@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	strongswan
-PORTVERSION=	5.6.2
-PORTREVISION=	1
+PORTVERSION=	5.6.3
 CATEGORIES=	security
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/

security/strongswan/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1519043301
-SHA256 (strongswan-5.6.2.tar.bz2) = e0a60a30ebf3c534c223559e1686497a21ded709a5d605c5123c2f52bcc22e92
-SIZE (strongswan-5.6.2.tar.bz2) = 4977859
+TIMESTAMP = 1527575366
+SHA256 (strongswan-5.6.3.tar.bz2) = c3c7dc8201f40625bba92ffd32eb602a8909210d8b3fac4d214c737ce079bf24
+SIZE (strongswan-5.6.3.tar.bz2) = 4961579

security/strongswan/files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c

@@ -1,22 +0,0 @@
---- src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c.orig
-+++ src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
-@@ -164,7 +164,7 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
- 			signature_scheme_t schemes[] = {
- 				SIGN_RSA_EMSA_PKCS1_SHA2_384,
- 				SIGN_RSA_EMSA_PKCS1_SHA2_256,
--			}, contained;
-+			};
- 			bool found;
- 			int i, j;
- 
-@@ -174,8 +174,8 @@ static array_t *select_signature_schemes(keymat_v2_t *keymat,
- 				found = FALSE;
- 				for (j = 0; j < array_count(selected); j++)
- 				{
--					array_get(selected, j, &contained);
--					if (scheme == contained)
-+					array_get(selected, j, &config);
-+					if (scheme == config->scheme)
- 					{
- 						found = TRUE;
- 						break;