Request for strongSwan and Poptop (pptpd) ports update

Mon Jan 6 06:35:17 UTC 2014

On 5/01/2014 6:08 AM, dycuo123 wrote:
> Hi,there
>
> Do you guys have some time to update these two? Many thanks!
> _______________________________________________
> freebsd-ports at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
>
Its probably better if you direct your request to the maintainer of the
port, ideally using http://www.freebsd.org/send-pr.html, identifying the
upgrade benefits and further details to pique their interest.  For
example, strongswan:

Current ports version is 5.0.4 and released version by strongswan is
5.1.1 (version 5.1.2 is scheduled for February)

Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018

2. Rectification of security vulnerabilities allowing user impersonation
and bypassing access restrictions
CVE-2013-6075 (above)

3. Refer to change log
http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51,
specifically ...

But of course the first thing to do is to use
http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request
has already been made.  And in this instance it has!
Please refer to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688

And given the outstanding CVEs I'd suggest that you apply the patches,
if you're going to use this port; pending maintainer's availability.

Francois, I've included you, as the CVE's should push this update from a
low priority/non-critical category to a medium given that it can be
DOS'ed via the network without authentication.  (And unfortunately IKEv1
is required for iPhone clients using IPSEC)

Regards, Dewayne.