Committer to address 2 CVE's against strongswan

Kurt Jaeger lists at opsec.eu
Thu May 15 08:49:27 UTC 2014


Hi!

> Strongswan 5.1.1 has two CVE's that are corrected in the 5.1.3 release.
> The maintainer has provided a patch on 8th May, thank-you Francois.  The
> patch applies cleanly and the patched strongswan 5.1.3 installs and
> functions correctly.  I've installed it on two FreeBSD 9.2 (Stable) VPN
> servers, and other tunnelling firewalls.
>
> It would be appreciated if a ports committer could provide this patch
> for the rest of the user-base, via a strongswan port update.

Testing with

poudriere testport -j 10amd64 -o security/strongswan -n

found some pkg-plist issues:

----------------
[...]
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: etc/ipsec.conf
Error: Orphaned: %%ETCDIR%%.conf
Error: Orphaned: %%ETCDIR%%.d/charon-logging.conf
Error: Orphaned: %%ETCDIR%%.d/charon.conf
Error: Orphaned: %%ETCDIR%%.d/charon/addrblock.conf
Error: Orphaned: %%ETCDIR%%.d/charon/aes.conf
Error: Orphaned: %%ETCDIR%%.d/charon/attr.conf
Error: Orphaned: %%ETCDIR%%.d/charon/blowfish.conf
Error: Orphaned: %%ETCDIR%%.d/charon/cmac.conf
Error: Orphaned: %%ETCDIR%%.d/charon/constraints.conf
Error: Orphaned: %%ETCDIR%%.d/charon/des.conf
Error: Orphaned: %%ETCDIR%%.d/charon/dnskey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-identity.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-md5.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-mschapv2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-peap.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-tls.conf
Error: Orphaned: %%ETCDIR%%.d/charon/eap-ttls.conf
Error: Orphaned: %%ETCDIR%%.d/charon/fips-prf.conf
Error: Orphaned: %%ETCDIR%%.d/charon/hmac.conf
Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/kernel-pfroute.conf
Error: Orphaned: %%ETCDIR%%.d/charon/md4.conf
Error: Orphaned: %%ETCDIR%%.d/charon/md5.conf
Error: Orphaned: %%ETCDIR%%.d/charon/nonce.conf
Error: Orphaned: %%ETCDIR%%.d/charon/openssl.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pem.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pgp.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs1.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs12.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs7.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pkcs8.conf
Error: Orphaned: %%ETCDIR%%.d/charon/pubkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/random.conf
Error: Orphaned: %%ETCDIR%%.d/charon/rc2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/resolve.conf
Error: Orphaned: %%ETCDIR%%.d/charon/revocation.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sha1.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sha2.conf
Error: Orphaned: %%ETCDIR%%.d/charon/socket-default.conf
Error: Orphaned: %%ETCDIR%%.d/charon/sshkey.conf
Error: Orphaned: %%ETCDIR%%.d/charon/stroke.conf
Error: Orphaned: %%ETCDIR%%.d/charon/updown.conf
Error: Orphaned: %%ETCDIR%%.d/charon/whitelist.conf
Error: Orphaned: %%ETCDIR%%.d/charon/x509.conf
Error: Orphaned: %%ETCDIR%%.d/charon/xcbc.conf
Error: Orphaned: %%ETCDIR%%.d/starter.conf
Error: Orphaned: lib/ipsec/libcharon.so.0.0.0
Error: Orphaned: lib/ipsec/libhydra.so.0.0.0
Error: Orphaned: lib/ipsec/libstrongswan.so.0.0.0
Error: Orphaned: lib/ipsec/libtls.so.0.0.0
Error: Orphaned: @dirrmtry %%ETCDIR%%.d/charon
Error: Orphaned: @dirrmtry %%ETCDIR%%.d

----------------

I'll investigate this evening (in approx. 10 hours), if someone
can look after it before that ?

--
pi at opsec.eu            +49 171 3101372                         6 years to go !


More information about the freebsd-ports mailing list