libreswan: update to 4.12nb1

[Andrew Cagney <andrew.cagney%gmail.com@localhost>]

Module Name:	pkgsrc-wip
Committed By:	Andrew Cagney <andrew.cagney%gmail.com@localhost>
Pushed By:	cagney
Date:		Mon Aug 7 14:02:51 2023 +0000
Changeset:	c4d5e1a2a4c3de50a368d4a73384669325994468

Modified Files:
	libreswan/COMMIT_MSG
	libreswan/Makefile
	libreswan/distinfo
Added Files:
	libreswan/patches/patch-lib_libswan_x509.c

Log Message:
libreswan: update to 4.12nb1

v4.12 (Aug 8, 2023)
* SECURITY IKEv2: Fixes https://libreswan.org/security/CVE-2023-38710
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38711
* SECURITY IKEv1: Fixes https://libreswan.org/security/CVE-2023-38712
* pluto: Do not crash on ipcomp expiry msg [Andrew]

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=c4d5e1a2a4c3de50a368d4a73384669325994468

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 libreswan/COMMIT_MSG                       |  6 +++---
 libreswan/Makefile                         | 25 ++++---------------------
 libreswan/distinfo                         |  7 ++++---
 libreswan/patches/patch-lib_libswan_x509.c | 13 +++++++++++++
 4 files changed, 24 insertions(+), 27 deletions(-)

diffs:
diff --git a/libreswan/COMMIT_MSG b/libreswan/COMMIT_MSG
index c6e8eb30c0..06f0d2df1f 100644
--- a/libreswan/COMMIT_MSG
+++ b/libreswan/COMMIT_MSG
@@ -1,4 +1,4 @@
-Libreswan: import version 4.9
+Libreswan: import version 4.12
 
 Libreswan is an Internet Key Exchange (IKE) daemon for managing IPsec.
 
@@ -6,8 +6,8 @@ Libreswan supports IKEv1 and IKEv2 and has support for most of the
 extensions (RFC + IETF drafts) related to IPsec, including IKEv2,
 X.509 Digital Certificates, NAT Traversal, and many others.
 
-On NetBSD and FreeBSD, Libreswan uses the PF_KEY_V2 IPsec stack.  On
-Linux, Libreswan uses the XFRM IPsec stack.
+On NetBSD and FreeBSD, Libreswan uses the PF_KEY_V2 IPsec stack.
+On Linux, Libreswan uses the XFRM IPsec stack.
 
 Libreswan was forked from Openswan 2.6.38, which was forked from
 FreeS/WAN 2.04. See the CREDITS files for contributor acknowledgments.
diff --git a/libreswan/Makefile b/libreswan/Makefile
index 7fe6534d34..8239060121 100644
--- a/libreswan/Makefile
+++ b/libreswan/Makefile
@@ -1,31 +1,14 @@
 # $NetBSD$
 
-# Libreswan is built using GNU Make.  It does not use autoconf.
+# Libreswan is built using GNU Make (it does not use autoconf).
 #
 # Configuration parameters can be found in mk/config.mk and OS
 # specific overides in mk/default/*.mk (for instance,
 # mk/default/netbsd.mk).
 
-#DISTNAME=	libreswan-4.9
-#MASTER_SITES=	https://download.libreswan.org/
-
-GITHUB_PROJECT=	libreswan
-DISTNAME=	libreswan
-
-# This is a pre-5.0 snapshot taken from mainline.  It includes the CVE
-# fixes in v4.10 and v4.11.
-#
-# The version number 4.9 in the below is topologically correct.  It is
-# the point where the v4.x maintenance branch was created (both v4.10
-# and v4.11 were drawn from that branch).
-#
-# If this were Fedora I'd be using something like libreswan-v4.9~1324
-# (that's a tilda).  Perhaps 4.11nb5.1324 would be better?
-
-PKGNAME=	libreswan-4.9nb3
-GITHUB_TAG=	87b84cc19b90a4e046f28568cc2738835800398a
-MASTER_SITES=	${MASTER_SITE_GITHUB:=${GITHUB_PROJECT}/}
-DIST_SUBDIR=	${GITHUB_PROJECT}
+DISTNAME=	libreswan-4.12
+PKGREVISION=	1
+MASTER_SITES=	https://download.libreswan.org/
 
 CATEGORIES=	security
 MAINTAINER=	pkgsrc-users%NetBSD.org@localhost
diff --git a/libreswan/distinfo b/libreswan/distinfo
index f81bda51cc..829bb96d14 100644
--- a/libreswan/distinfo
+++ b/libreswan/distinfo
@@ -1,5 +1,6 @@
 $NetBSD$
 
-BLAKE2s (libreswan/libreswan-87b84cc19b90a4e046f28568cc2738835800398a.tar.gz) = 7963ee07fd460e569d61087f358afee9b2870f850536d3d7af3e1e5ce8591241
-SHA512 (libreswan/libreswan-87b84cc19b90a4e046f28568cc2738835800398a.tar.gz) = f2326dd60b19e02a26072d5795fbb17168348177f2ff73d6408b756ff71ab97bbee9481229567800082cc062e4bdeccb274e3b76a48ddd803aa659bebd51e4c0
-Size (libreswan/libreswan-87b84cc19b90a4e046f28568cc2738835800398a.tar.gz) = 3736133 bytes
+BLAKE2s (libreswan-4.12.tar.gz) = 397c455b67e112d0407b2b6e0fbe1f6e4bec4422c747a51dda3fd4bc0a87b2b7
+SHA512 (libreswan-4.12.tar.gz) = 3a7f5ea5d97da357a8979a8807694a316d42ccc5f9c7b5867041abf2b9316ff8428f24cf307b6b6073c191896c0417f137abf78f9903aecde5e1ee1182577ce0
+Size (libreswan-4.12.tar.gz) = 3718440 bytes
+SHA1 (patch-lib_libswan_x509.c) = 5f660e6186232be02c4c8ecadb905fcb5a1801be
diff --git a/libreswan/patches/patch-lib_libswan_x509.c b/libreswan/patches/patch-lib_libswan_x509.c
new file mode 100644
index 0000000000..e48dcd92d6
--- /dev/null
+++ b/libreswan/patches/patch-lib_libswan_x509.c
@@ -0,0 +1,13 @@
+--- lib/libswan/x509dn.c.dist	2023-08-06 15:38:41.229683426 +0000
++++ lib/libswan/x509dn.c	2023-08-06 15:39:26.829938849 +0000
+@@ -777,7 +777,9 @@
+ 			       /* XXX: where did '/' come from? */
+ 			       src[0] != '/') {
+ 				/* assume nul termination */
+-				if (src[0] == '\\' && isxdigit(src[1]) && isxdigit(src[2])) {
++				if (src[0] == '\\' &&
++				    char_isxdigit(src[1]) &&
++				    char_isxdigit(src[2])) {
+ 					char hex[3] = { src[1], src[2], };
+ 					uint8_t byte = strtol(hex, NULL, 16);
+ 					EXTEND_OBJ(&byte, 1);