From owner-freebsd-ports@FreeBSD.ORG Mon Jan 6 14:01:03 2014
From: Francois ten Krooden
To: Dewayne Geraghty, dycuo123, strongswan
Cc: "ports@freebsd.org"
Date: Mon, 6 Jan 2014 15:54:13 +0200
Subject: RE: Request for strongSwan and Poptop (pptpd) ports update
In-Reply-To: <52CA4B54.4050908@heuristicsystems.com.au>

Hi Dewayne

Those vulnerabilities are fixed in version 5.1.1 for which the patch is already submitted, but has not yet been applied. I will submit a new patch now with high availability feature removed since this is not working correctly when I performed further testing on the port.

I was still waiting for a committer to submit the changes to the ports tree.

Kind regards
Francois ten Krooden
________________________________________
From: Dewayne Geraghty [dewayne.geraghty@heuristicsystems.com.au]
Sent: Monday, January 06, 2014 8:21 AM
To: dycuo123; strongswan
Cc: ports@freebsd.org
Subject: Re: Request for strongSwan and Poptop (pptpd) ports update

On 5/01/2014 6:08 AM, dycuo123 wrote:
> Hi, there
>
> Do you guys have some time to update these two? Many thanks!
>
It's probably better if you direct your request to the maintainer of the port, ideally using http://www.freebsd.org/send-pr.html, identifying the upgrade benefits and further details to pique their interest.

For example, strongswan:
Current ports version is 5.0.4 and released version by strongswan is 5.1.1 (version 5.1.2 is scheduled for February)
Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018
2. Rectification of security vulnerabilities allowing user impersonation and bypassing access restrictions
CVE-2013-6075 (above)
3. Refer to change log http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51, specifically ...

But of course the first thing to do is to use http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request has already been made. And in this instance it has! Please refer to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688

And given the outstanding CVEs I'd suggest that you apply the patches, if you're going to use this port; pending maintainer's availability.

Francois, I've included you, as the CVEs should push this update from a low priority/non-critical category to a medium given that it can be DOS'ed via the network without authentication. (And unfortunately IKEv1 is required for iPhone clients using IPSEC)

Regards, Dewayne.