Date: Thu, 15 May 2014 10:49:21 +0200
From: Kurt Jaeger
To: Dewayne Geraghty
Cc: strongswan@nanoteq.com, freebsd-ports@freebsd.org
Subject: Re: Committer to address 2 CVE's against strongswan
Message-ID: <20140515084921.GV2341@home.opsec.eu>
In-Reply-To: <5373EE24.4030007@heuristicsystems.com.au>

Hi!

> Strongswan 5.1.1 has two CVE's that are corrected in the 5.1.3 release.
> The maintainer has provided a patch on 8th May, thank-you Francois. The
> patch applies cleanly and the patched strongswan 5.1.3 installs and
> functions correctly. I've installed it on two FreeBSD 9.2 (Stable) VPN
> servers, and other tunnelling firewalls.
>
> It would be appreciated if a ports committer could provide this patch
> for the rest of the user-base, via a strongswan port update.

Testing with

poudriere testport -j 10amd64 -o security/strongswan -n

found some pkg-plist issues:

----------------
[...]
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: etc/ipsec.conf
Error: Orphaned: %%ETCDIR%%.conf
Error: Orphaned: %%ETCDIR%%.d/charon-logging.conf
Error: Orphaned: %%ETCDIR%%.d/charon.conf
Error: Orphaned: %%ETCDIR%%.d/charon/addrblock.conf
Error: Orphaned: %%ETCDIR%%.d/charon/aes.conf
Error: Orphaned: %%ETCDIR%%.d/charon/attr.conf
Error: Orphaned: %%ETCDIR%%.d/charon/blowfish.conf
Error: Orphaned: %%ETCDIR%%.d/charon/cmac.conf
Error: Orphaned: %%ETCDIR%%.d/charon/constraints.conf
Error: Orphaned: %%ETCDIR%%.d/charon/des.conf
Error: Orphaned: %%ETCDIR%%.d/charon/dnskey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-identity.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-md5.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-mschapv2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-peap.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-tls.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-ttls.conf
Error: Orphaned: %%ETCDIR%%.d/charon/fips-prf.conf
Error: Orphaned: %%ETCDIR%%.d/charon/hmac.conf
Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfroute.conf
Error: Orphaned: %%ETCDIR%%.d/charon/md4.conf
Error: Orphaned: %%ETCDIR%%.d/charon/md5.conf
Error: Orphaned: %%ETCDIR%%.d/charon/nonce.conf
Error: Orphaned: %%ETCDIR%%.d/charon/openssl.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pem.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pgp.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs1.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs12.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs7.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs8.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pubkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/random.conf
Error: Orphaned: %%ETCDIR%%.d/charon/rc2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/resolve.conf
Error: Orphaned: %%ETCDIR%%.d/charon/revocation.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sha1.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sha2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/socket-default.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sshkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/stroke.conf
Error: Orphaned: %%ETCDIR%%.d/charon/updown.conf
Error: Orphaned: %%ETCDIR%%.d/charon/whitelist.conf
Error: Orphaned: %%ETCDIR%%.d/charon/x509.conf
Error: Orphaned: %%ETCDIR%%.d/charon/xcbc.conf
Error: Orphaned: %%ETCDIR%%.d/starter.conf
Error: Orphaned: lib/ipsec/libcharon.so.0.0.0
Error: Orphaned: lib/ipsec/libhydra.so.0.0.0
Error: Orphaned: lib/ipsec/libstrongswan.so.0.0.0
Error: Orphaned: lib/ipsec/libtls.so.0.0.0
Error: Orphaned: @dirrmtry %%ETCDIR%%.d/charon
Error: Orphaned: @dirrmtry %%ETCDIR%%.d
----------------

I'll investigate this evening (in approx. 10 hours), if someone
can look after it before that?

-- 
pi@opsec.eu            +49 171 3101372                         6 years to go !