Request for strongSwan and Poptop (pptpd) ports update

Francois ten Krooden ftk at
Mon Jan 6 14:01:03 UTC 2014

Hi Dewayne

Those vulnerabilities is fixed in version 5.1.1 for which the patch is already submitted, but have not yet been applied.  I will submit a new patch now with high availability feature removed since this is not working correctly when I performed further testing on the port.
I was still waiting for a committer to submit the changes to the ports tree.

Kind regards
Francois ten Krooden

From: Dewayne Geraghty [dewayne.geraghty at]
Sent: Monday, January 06, 2014 8:21 AM
To: dycuo123; strongswan
Cc: ports at
Subject: Re: Request for strongSwan and Poptop (pptpd) ports update

On 5/01/2014 6:08 AM, dycuo123 wrote:
> Hi,there
> Do you guys have some time to update these two? Many thanks!
> _______________________________________________
> freebsd-ports at mailing list
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe at"
Its probably better if you direct your request to the maintainer of the
port, ideally using, identifying the
upgrade benefits and further details to pique their interest.  For
example, strongswan:

Current ports version is 5.0.4 and released version by strongswan is
5.1.1 (version 5.1.2 is scheduled for February)

Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:

2. Rectification of security vulnerabilities allowing user impersonation
and bypassing access restrictions
CVE-2013-6075 (above)

3. Refer to change log,
specifically ...

But of course the first thing to do is to use to check if the request
has already been made.  And in this instance it has!
Please refer to

And given the outstanding CVEs I'd suggest that you apply the patches,
if you're going to use this port; pending maintainer's availability.

Francois, I've included you, as the CVE's should push this update from a
low priority/non-critical category to a medium given that it can be
DOS'ed via the network without authentication.  (And unfortunately IKEv1
is required for iPhone clients using IPSEC)

Regards, Dewayne.

Important Notice:

This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal notice available at:

More information about the freebsd-ports mailing list