Request for strongSwan and Poptop (pptpd) ports update
Francois ten Krooden
ftk at Nanoteq.com
Mon Jan 6 14:01:03 UTC 2014
Those vulnerabilities is fixed in version 5.1.1 for which the patch is already submitted, but have not yet been applied. I will submit a new patch now with high availability feature removed since this is not working correctly when I performed further testing on the port.
I was still waiting for a committer to submit the changes to the ports tree.
Francois ten Krooden
From: Dewayne Geraghty [dewayne.geraghty at heuristicsystems.com.au]
Sent: Monday, January 06, 2014 8:21 AM
To: dycuo123; strongswan
Cc: ports at freebsd.org
Subject: Re: Request for strongSwan and Poptop (pptpd) ports update
On 5/01/2014 6:08 AM, dycuo123 wrote:
> Do you guys have some time to update these two? Many thanks!
> freebsd-ports at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at freebsd.org"
Its probably better if you direct your request to the maintainer of the
port, ideally using http://www.freebsd.org/send-pr.html, identifying the
upgrade benefits and further details to pique their interest. For
Current ports version is 5.0.4 and released version by strongswan is
5.1.1 (version 5.1.2 is scheduled for February)
Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:
2. Rectification of security vulnerabilities allowing user impersonation
and bypassing access restrictions
3. Refer to change log
But of course the first thing to do is to use
http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request
has already been made. And in this instance it has!
Please refer to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688
And given the outstanding CVEs I'd suggest that you apply the patches,
if you're going to use this port; pending maintainer's availability.
Francois, I've included you, as the CVE's should push this update from a
low priority/non-critical category to a medium given that it can be
DOS'ed via the network without authentication. (And unfortunately IKEv1
is required for iPhone clients using IPSEC)
This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal notice available at:
More information about the freebsd-ports