libreswan-5: update to v5.3 (July 3, 2025)

[Andrew Cagney (via pkgsrc-wip) <commit-notify%pkgsrc.org@localhost>]

Module Name:	pkgsrc-wip
Committed By:	Andrew Cagney <andrew.cagney%gmail.com@localhost>
Pushed By:	cagney
Date:		Tue Jul 8 13:04:32 2025 +0000
Changeset:	db29ebd67c11763a73db6890c3d12a8f21b1e8fe

Modified Files:
	libreswan-5/Makefile
	libreswan-5/distinfo

Log Message:
libreswan-5: update to v5.3 (July 3, 2025)

* PKIX (Public Key Infrastructure X.509)
  - moved cURL and LDAP CRL download code out of pluto [Andrew]
  - replaced CRL thread with libevent [Andrew]
  - fixed `ipsec checkcrls` [Andrew]
  - when configured, use cURL to download LDAP CRLs [Andrew]
  - verify using NSS's IPsec profile aka certificateUsageIPsec [Andrew]
  - only verify using certificateUsageSSL{Client,Server} when USE_NSS_TLS_SECURITY_PROFILE [Andrew]
* IKEv2:
  - fix PEXPECT when deleting crossed IKE SA [Andrew, Ilya Maximets #2101, Ondrej Moris #2123]
* IKEv1:
  - fix CISCO's split support (requires cisco-split=yes) [Andrew, Amirreza #2230 Erikas #633]
  - share-lease=yes|no (default yes) to share XAUTH/ModeCfg lease IP on multiple connections [Paul]
* initsystem:
  - remove unused _stackmanager [Tuomo #2080]
  - on BSD, default to syslog(LOG_NOTICE) and not pluto.log [Andrew #2295 #2298]
* config:
  - merge `addconn` (`ipsec.conf`) and `whack` connection option parsers [Andrew]
  - change `whack` to use same connection defaults as `ipsec.conf` [Andrew]
  - support `ipsec addconn --name connname left=1.2.3.4 right=5.6.7.8` (experimental) [Andrew #2138]
  - drop undocumented `ipsec readwriteconf --rootdir` option [Andrew, #2152]
  - obsoleted virtual_private= and plutostderrlog= keywords [Tuomo]
  - warn when END-option= has no END [Andrew #663]
  - nflog= made an alias to nflog-group= [Andrew]
  - recognize ah=... as phase2=ah phase2alg=... [Andrew #712]
* ipsec pluto:
  - make `ipsec.conf`'s `config setup` and pluto options consistent [Andrew]
  - fix `--config file1 --config file2` [Andrew]
* ipsec connectionstatus:
  - support `ipsec connectionstatus '"labeled"[1][2]'` [Andrew #1308]
* testing:
  - eliminated all pyOpenSSL dependencies [Andrew]
  - review PKIX test coverage [Andrew]
  - upgrade Fedora test domain to f42
* building:
  - build with curl 8.14.1 [Andrew, Vincent #2319]

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=db29ebd67c11763a73db6890c3d12a8f21b1e8fe

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 libreswan-5/Makefile | 2 +-
 libreswan-5/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diffs:
diff --git a/libreswan-5/Makefile b/libreswan-5/Makefile
index dc8add68dd..30f4a53a6f 100644
--- a/libreswan-5/Makefile
+++ b/libreswan-5/Makefile
@@ -15,7 +15,7 @@
 #
 # libreswan: 5.0 5.0nb1 ...
 
-DISTNAME=	libreswan-5.2
+DISTNAME=	libreswan-5.3
 MASTER_SITES=   https://download.libreswan.org/
 
 CATEGORIES=	security
diff --git a/libreswan-5/distinfo b/libreswan-5/distinfo
index ff42f354ce..51478434c7 100644
--- a/libreswan-5/distinfo
+++ b/libreswan-5/distinfo
@@ -1,5 +1,5 @@
 $NetBSD$
 
-BLAKE2s (libreswan-5.2.tar.gz) = ecb889c97a18b2f5acb945c11e73993720dd3682fa2c59a2e56901feb0f8c2ac
-SHA512 (libreswan-5.2.tar.gz) = 5c87edc879914158ba9c4c2a0edcd6fac0787b16d3c6a50c268cbd675c51cdec94e509031bc226680c0d40bd3375d73007cae5ee0588c136292e3f34cb759694
-Size (libreswan-5.2.tar.gz) = 4132199 bytes
+BLAKE2s (libreswan-5.3.tar.gz) = cd9f92dee9065c73d4579cc17ac39e3f524552633e14f169037ee73fad9daef9
+SHA512 (libreswan-5.3.tar.gz) = 338fb82a9969da8fa78f64ec9eda0e3dcd216d6b8333a6f966ba839e31d3eb5fdd94613f0fff934be16ff8d84f6f4265c8b35f37c642569e042f65a58038ba0d
+Size (libreswan-5.3.tar.gz) = 4220520 bytes