Date: Fri, 3 May 2013 18:16:36 +0000 (UTC)
From: Olli Hauer <ohauer@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r317229 - in head/security: strongswan strongswan/files vuxml
Message-ID: <201305031816.r43IGaK6076450@svn.freebsd.org>
Author: ohauer
Date: Fri May 3 18:16:35 2013
New Revision: 317229
URL: http://svnweb.freebsd.org/changeset/ports/317229

Log:
  - update to version 5.0.4 which fixes CVE-2013-2944.
  - add entry to vuxml
  - add CVE references to jenkins vuxml entry

  while I'm here remove .sh from rc script

  PR: ports/178266
  Submitted by: David Shane Holden <dpejesh@yahoo.com>
  Approved by: strongswan@nanoteq.com (maintainer)

Added:
  head/security/strongswan/files/strongswan.in
     - copied unchanged from r317225, head/security/strongswan/files/strongswan.sh.in
Deleted:
  head/security/strongswan/files/strongswan.sh.in
Modified:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/pkg-plist
  head/security/vuxml/vuln.xml

Modified: head/security/strongswan/Makefile ============================================================================== --- head/security/strongswan/Makefile Fri May 3 18:03:28 2013 (r317228) +++ head/security/strongswan/Makefile Fri May 3 18:16:35 2013 (r317229) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= strongswan -PORTVERSION= 5.0.1 +PORTVERSION= 5.0.4 CATEGORIES= security MASTER_SITES= http://download.strongswan.org/ \ http://download2.strongswan.org/ @@ -15,7 +15,7 @@ LIB_DEPENDS= execinfo:${PORTSDIR}/devel/ USE_BZIP2= yes USE_OPENSSL= yes USE_AUTOTOOLS= libtool -USE_RC_SUBR= strongswan.sh +USE_RC_SUBR= strongswan GNU_CONFIGURE= yes USE_LDCONFIG= yes Modified: head/security/strongswan/distinfo ============================================================================== --- head/security/strongswan/distinfo Fri May 3 18:03:28 2013 (r317228) +++ head/security/strongswan/distinfo Fri May 3 18:16:35 2013 (r317229) 
@@ -1,2 +1,2 @@ -SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4 -SIZE (strongswan-5.0.1.tar.bz2) = 3146776 +SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2 +SIZE (strongswan-5.0.4.tar.bz2) = 3412930 Copied: head/security/strongswan/files/strongswan.in (from r317225, head/security/strongswan/files/strongswan.sh.in) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/strongswan/files/strongswan.in Fri May 3 18:16:35 2013 (r317229, copy of r317225, head/security/strongswan/files/strongswan.sh.in) @@ -0,0 +1,33 @@ +#!/bin/sh +# Start or stop strongswan +# $FreeBSD$ + +# PROVIDE: strongswan +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +command="%%PREFIX%%/sbin/ipsec" +. /etc/rc.subr + +name="strongswan" +rcvar=`set_rcvar` +extra_commands="reload statusall" + +load_rc_config $name + +start_cmd="strongswan_command start" +stop_cmd="strongswan_command stop" +restart_cmd="strongswan_command restart" +status_cmd="strongswan_command status" +reload_cmd="strongswan_command reload" +statusall_cmd="strongswan_command statusall" + + +strongswan_command() +{ + $command ${rc_arg} +} + +run_rc_command "$1" + Modified: head/security/strongswan/pkg-plist ============================================================================== --- head/security/strongswan/pkg-plist Fri May 3 18:03:28 2013 (r317228) +++ head/security/strongswan/pkg-plist Fri May 3 18:16:35 2013 (r317229) 
@@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so lib/ipsec/plugins/libstrongswan-pkcs1.a lib/ipsec/plugins/libstrongswan-pkcs1.la lib/ipsec/plugins/libstrongswan-pkcs1.so +lib/ipsec/plugins/libstrongswan-pkcs7.a +lib/ipsec/plugins/libstrongswan-pkcs7.la +lib/ipsec/plugins/libstrongswan-pkcs7.so lib/ipsec/plugins/libstrongswan-pkcs8.a lib/ipsec/plugins/libstrongswan-pkcs8.la lib/ipsec/plugins/libstrongswan-pkcs8.so Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri May 3 18:03:28 2013 (r317228) +++ head/security/vuxml/vuln.xml Fri May 3 18:16:35 2013 (r317229) @@ -51,6 +51,36 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6ff570cb-b418-11e2-b279-20cf30e32f6d"> + <topic>strongSwan -- ECDSA signature verification issue</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan security team reports:</p> + <blockquote cite="http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html"> + <p>If the openssl plugin is used for ECDSA signature verification an empty, + zeroed or otherwise invalid signature is handled as a legitimate one. + Both IKEv1 and IKEv2 are affected.</p> + <p>Affected are only installations that have enabled and loaded the OpenSSL + crypto backend (--enable-openssl). Builds using the default crypto backends + are not affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-2944</cvename> + </references> + <dates> + <discovery>2013-05-03</discovery> + <entry>2013-05-03</entry> + </dates> + </vuln> + <vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e"> <topic>jenkins -- multiple vulnerabilities</topic> <affects> 
@@ -100,6 +130,10 @@ Note: Please add new entries to the beg </description> <references> <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url> + <cvename>CVE-2013-2034</cvename> + <cvename>CVE-2013-2033</cvename> + <cvename>CVE-2013-2034</cvename> + <cvename>CVE-2013-1808</cvename> </references> <dates> <discovery>2013-05-02</discovery>
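Review bot: In the Makefile hunk at @@ -15,7 +15,7 @@, the switch from USE_RC_SUBR= strongswan.sh to USE_RC_SUBR= strongswan changes the name of the installed rc.d script, and nothing in the list of modified files tells users about it. The rc.conf variable is unaffected because the script keeps name="strongswan", but anything that calls the script by its old file name (monitoring hooks, failover scripts, cron jobs) stops restarting the IPsec daemon after the upgrade. A short UPDATING entry, or a line in the commit log stating the new script name, would cover that.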
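Review bot: In the newly added files/strongswan.in, the script still sets rcvar=`set_rcvar` and never gives strongswan_enable a default after load_rc_config $name. Since the file is being renamed in this commit anyway, it is a good moment to use the literal rcvar=strongswan_enable and add a default such as : ${strongswan_enable:="NO"} directly after load_rc_config, so the service is explicitly off until the administrator enables it. The unquoted $command ${rc_arg} in strongswan_command() is harmless with the fixed argument set here, but quoting both is the safer habit.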
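Review bot: In the vuln.xml hunk at @@ -51,6 +51,36 @@, the new strongSwan entry sets <discovery>2013-05-03</discovery>, the same day as <entry>, while the cited blockquote URL is the upstream release announcement dated 2013/04/30. The discovery date should not be later than the public announcement the entry quotes; 2013-04-30 matches the reference. The affected range <lt>5.0.4</lt> and the note that only builds with the OpenSSL backend (--enable-openssl) are affected both agree with the quoted text.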
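Review bot: In the vuln.xml hunk at @@ -100,6 +130,10 @@, CVE-2013-2034 is listed twice among the four added <cvename> lines for the jenkins entry (first and third). Either one line is a plain duplicate and should be dropped, or a different CVE id was intended there; please check the list against the linked Jenkins Security Advisory 2013-05-02 and correct it, since tools that match installed packages by CVE name rely on this list being complete.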