From owner-freebsd-ports@FreeBSD.ORG  Wed May 14 22:31:01 2014
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DC0BAE6A
 for <freebsd-ports@freebsd.org>; Wed, 14 May 2014 22:31:01 +0000 (UTC)
Received: from nschwmtas05p.mx.bigpond.com (nschwmtas05p.mx.bigpond.com
 [61.9.189.149]) by mx1.freebsd.org (Postfix) with ESMTP id 730B221C1
 for <freebsd-ports@freebsd.org>; Wed, 14 May 2014 22:31:00 +0000 (UTC)
Received: from nschwcmgw06p ([61.9.190.166]) by nschwmtas05p.mx.bigpond.com
 with ESMTP
 id <20140514223058.ZGMR14630.nschwmtas05p.mx.bigpond.com@nschwcmgw06p>;
 Wed, 14 May 2014 22:30:58 +0000
Received: from hermes.heuristicsystems.com.au ([121.210.107.100])
 by nschwcmgw06p with BigPond Outbound
 id 1yWx1o00V29zwdD01yWxdT; Wed, 14 May 2014 22:30:58 +0000
X-Authority-Analysis: v=2.0 cv=Pdd9d1dd c=1 sm=1
 a=SEJ2iDwVkb98DYvesvueMw==:17 a=JipEcVzqA9wA:10 a=oxsyjlAjeaMA:10
 a=IkcTkHD0fZMA:10 a=GHIR_BbyAAAA:8 a=6I5d2MoRAAAA:8 a=sMBj6sIwAAAA:8
 a=kBOb5uOffpz7-O2iSqMA:9 a=QEXdDO2ut3YA:10 a=82-kyh_VXv8A:10
 a=SEJ2iDwVkb98DYvesvueMw==:117
Received: from [10.0.5.3] (ewsw01.hs [10.0.5.3]) (authenticated bits=0)
 by hermes.heuristicsystems.com.au (8.14.5/8.13.6) with ESMTP id s4EMTBQ7078097
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Thu, 15 May 2014 08:29:12 +1000 (EST)
 (envelope-from dewayne.geraghty@heuristicsystems.com.au)
Message-ID: <5373EE24.4030007@heuristicsystems.com.au>
Date: Thu, 15 May 2014 08:28:52 +1000
From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
User-Agent: Mozilla/5.0 (Windows NT 6.1;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: freebsd-ports@freebsd.org
Subject: Committer to address 2 CVE's against strongswan
References: <CAHv72r4=jREo7R3xCP3yO9dnF_Oc-5ecLPz=m-RHADPhizc-fQ@mail.gmail.com>
In-Reply-To: <CAHv72r4=jREo7R3xCP3yO9dnF_Oc-5ecLPz=m-RHADPhizc-fQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: strongswan@nanoteq.com
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 May 2014 22:31:01 -0000

Strongswan 5.1.1 has two CVE's that are corrected in the 5.1.3 release. 
The maintainer has provided a patch on 8th May, thank-you Francois.  The
patch applies cleanly and the patched strongswan 5.1.3 installs and
functions correctly.  I've installed it on two FreeBSD 9.2 (Stable) VPN
servers, and other tunnelling firewalls.

It would be appreciated if a ports committer could provide this patch
for the rest of the user-base, via a strongswan port update.

Refer:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/189132

CVE's that are addressed:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2891

Regards, Dewayne.