From owner-freebsd-ports@FreeBSD.ORG Mon Jan 6 06:35:17 2014 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AA12B8ED for ; Mon, 6 Jan 2014 06:35:17 +0000 (UTC) Received: from nschwqsrv02p.mx.bigpond.com (nschwqsrv02p.mx.bigpond.com [61.9.189.234]) by mx1.freebsd.org (Postfix) with ESMTP id 3DA511A70 for ; Mon, 6 Jan 2014 06:35:16 +0000 (UTC) Received: from nschwcmgw09p ([61.9.190.169]) by nschwmtas03p.mx.bigpond.com with ESMTP id <20140106062302.EFQO23681.nschwmtas03p.mx.bigpond.com@nschwcmgw09p>; Mon, 6 Jan 2014 06:23:02 +0000 Received: from hermes.heuristicsystems.com.au ([58.172.113.247]) by nschwcmgw09p with BigPond Outbound id AWP01n01C5LKYmq01WP1f0; Mon, 06 Jan 2014 06:23:02 +0000 X-Authority-Analysis: v=2.0 cv=Zbefx7pA c=1 sm=1 a=YibVxx38Z+cwdCKSMcELyg==:17 a=1YbsQLIiAAQA:10 a=35vxzxUG5w8A:10 a=8nJEP1OIZ-IA:10 a=GHIR_BbyAAAA:8 a=PexyA8LUurYA:10 a=6I5d2MoRAAAA:8 a=PYnjg3YJAAAA:8 a=KiMCiSwjAAAA:8 a=987mpKp5S3_035_eFbMA:9 a=wPNLvfGTeEIA:10 a=FdLfEJsbHb0A:10 a=SV7veod9ZcQA:10 a=YibVxx38Z+cwdCKSMcELyg==:117 Received: from [10.0.5.3] (ewsw01.hs [10.0.5.3]) (authenticated bits=0) by hermes.heuristicsystems.com.au (8.14.5/8.13.6) with ESMTP id s066L8S6097120 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 6 Jan 2014 17:21:09 +1100 (EST) (envelope-from dewayne.geraghty@heuristicsystems.com.au) Message-ID: <52CA4B54.4050908@heuristicsystems.com.au> Date: Mon, 06 Jan 2014 17:21:08 +1100 From: Dewayne Geraghty User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.1.0 MIME-Version: 1.0 To: dycuo123 , strongswan@Nanoteq.com Subject: Re: Request for strongSwan and Poptop (pptpd) ports update References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jan 2014 06:35:17 -0000 On 5/01/2014 6:08 AM, dycuo123 wrote: > Hi,there > > Do you guys have some time to update these two? Many thanks! > _______________________________________________ > freebsd-ports@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports > To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org" > Its probably better if you direct your request to the maintainer of the port, ideally using http://www.freebsd.org/send-pr.html, identifying the upgrade benefits and further details to pique their interest. For example, strongswan: Current ports version is 5.0.4 and released version by strongswan is 5.1.1 (version 5.1.2 is scheduled for February) Reasons for the request are: 1. Rectification of security vulnerabilities allowing Denial of Service: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018 2. Rectification of security vulnerabilities allowing user impersonation and bypassing access restrictions CVE-2013-6075 (above) 3. Refer to change log http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51, specifically ... But of course the first thing to do is to use http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request has already been made. And in this instance it has! Please refer to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688 And given the outstanding CVEs I'd suggest that you apply the patches, if you're going to use this port; pending maintainer's availability. Francois, I've included you, as the CVE's should push this update from a low priority/non-critical category to a medium given that it can be DOS'ed via the network without authentication. (And unfortunately IKEv1 is required for iPhone clients using IPSEC) Regards, Dewayne.