Date: Thu, 15 May 2014 10:49:21 +0200 From: Kurt Jaeger <lists@opsec.eu> To: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> Cc: strongswan@nanoteq.com, freebsd-ports@freebsd.org Subject: Re: Committer to address 2 CVE's against strongswan Message-ID: <20140515084921.GV2341@home.opsec.eu> In-Reply-To: <5373EE24.4030007@heuristicsystems.com.au> References: <CAHv72r4=jREo7R3xCP3yO9dnF_Oc-5ecLPz=m-RHADPhizc-fQ@mail.gmail.com> <5373EE24.4030007@heuristicsystems.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > Strongswan 5.1.1 has two CVE's that are corrected in the 5.1.3 release. > The maintainer has provided a patch on 8th May, thank-you Francois. The > patch applies cleanly and the patched strongswan 5.1.3 installs and > functions correctly. I've installed it on two FreeBSD 9.2 (Stable) VPN > servers, and other tunnelling firewalls. > > It would be appreciated if a ports committer could provide this patch > for the rest of the user-base, via a strongswan port update. Testing with poudriere testport -j 10amd64 -o security/strongswan -n found some pkg-plist issues: ---------------- [...] ===> Checking for items in STAGEDIR missing from pkg-plist Error: Orphaned: etc/ipsec.conf Error: Orphaned: %%ETCDIR%%.conf Error: Orphaned: %%ETCDIR%%.d/charon-logging.conf Error: Orphaned: %%ETCDIR%%.d/charon.conf Error: Orphaned: %%ETCDIR%%.d/charon/addrblock.conf Error: Orphaned: %%ETCDIR%%.d/charon/aes.conf Error: Orphaned: %%ETCDIR%%.d/charon/attr.conf Error: Orphaned: %%ETCDIR%%.d/charon/blowfish.conf Error: Orphaned: %%ETCDIR%%.d/charon/cmac.conf Error: Orphaned: %%ETCDIR%%.d/charon/constraints.conf Error: Orphaned: %%ETCDIR%%.d/charon/des.conf Error: Orphaned: %%ETCDIR%%.d/charon/dnskey.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-identity.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-md5.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-mschapv2.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-peap.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-tls.conf Error: Orphaned: %%ETCDIR%%.d/charon/eap-ttls.conf Error: Orphaned: %%ETCDIR%%.d/charon/fips-prf.conf Error: Orphaned: %%ETCDIR%%.d/charon/hmac.conf Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfkey.conf Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfroute.conf Error: Orphaned: %%ETCDIR%%.d/charon/md4.conf Error: Orphaned: %%ETCDIR%%.d/charon/md5.conf Error: Orphaned: %%ETCDIR%%.d/charon/nonce.conf Error: Orphaned: %%ETCDIR%%.d/charon/openssl.conf Error: Orphaned: %%ETCDIR%%.d/charon/pem.conf Error: Orphaned: %%ETCDIR%%.d/charon/pgp.conf Error: Orphaned: %%ETCDIR%%.d/charon/pkcs1.conf Error: Orphaned: %%ETCDIR%%.d/charon/pkcs12.conf Error: Orphaned: %%ETCDIR%%.d/charon/pkcs7.conf Error: Orphaned: %%ETCDIR%%.d/charon/pkcs8.conf Error: Orphaned: %%ETCDIR%%.d/charon/pubkey.conf Error: Orphaned: %%ETCDIR%%.d/charon/random.conf Error: Orphaned: %%ETCDIR%%.d/charon/rc2.conf Error: Orphaned: %%ETCDIR%%.d/charon/resolve.conf Error: Orphaned: %%ETCDIR%%.d/charon/revocation.conf Error: Orphaned: %%ETCDIR%%.d/charon/sha1.conf Error: Orphaned: %%ETCDIR%%.d/charon/sha2.conf Error: Orphaned: %%ETCDIR%%.d/charon/socket-default.conf Error: Orphaned: %%ETCDIR%%.d/charon/sshkey.conf Error: Orphaned: %%ETCDIR%%.d/charon/stroke.conf Error: Orphaned: %%ETCDIR%%.d/charon/updown.conf Error: Orphaned: %%ETCDIR%%.d/charon/whitelist.conf Error: Orphaned: %%ETCDIR%%.d/charon/x509.conf Error: Orphaned: %%ETCDIR%%.d/charon/xcbc.conf Error: Orphaned: %%ETCDIR%%.d/starter.conf Error: Orphaned: lib/ipsec/libcharon.so.0.0.0 Error: Orphaned: lib/ipsec/libhydra.so.0.0.0 Error: Orphaned: lib/ipsec/libstrongswan.so.0.0.0 Error: Orphaned: lib/ipsec/libtls.so.0.0.0 Error: Orphaned: @dirrmtry %%ETCDIR%%.d/charon Error: Orphaned: @dirrmtry %%ETCDIR%%.d ---------------- I'll investigate this evening (in approx. 10 hours), if someone can look after it before that ? -- pi@opsec.eu +49 171 3101372 6 years to go !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140515084921.GV2341>