svn commit: r317229 - in head/security: strongswan strongswan/files vuxml
Olli Hauer
ohauer at FreeBSD.org
Fri May 3 18:16:37 UTC 2013
Author: ohauer
Date: Fri May 3 18:16:35 2013
New Revision: 317229
URL: http://svnweb.freebsd.org/changeset/ports/317229
Log:
- update to version 5.0.4 which fixes CVE-2013-2944.
- add entry to vuxml
- add CVE references to jenkins vuxml entry
while I'm here remove .sh from rc script
PR: ports/178266
Submitted by: David Shane Holden <dpejesh at yahoo.com>
Approved by: strongswan at nanoteq.com (maintainer)
Added:
head/security/strongswan/files/strongswan.in
- copied unchanged from r317225, head/security/strongswan/files/strongswan.sh.in
Deleted:
head/security/strongswan/files/strongswan.sh.in
Modified:
head/security/strongswan/Makefile
head/security/strongswan/distinfo
head/security/strongswan/pkg-plist
head/security/vuxml/vuln.xml
Modified: head/security/strongswan/Makefile
==============================================================================
--- head/security/strongswan/Makefile Fri May 3 18:03:28 2013 (r317228)
+++ head/security/strongswan/Makefile Fri May 3 18:16:35 2013 (r317229)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= strongswan
-PORTVERSION= 5.0.1
+PORTVERSION= 5.0.4
CATEGORIES= security
MASTER_SITES= http://download.strongswan.org/ \
http://download2.strongswan.org/
@@ -15,7 +15,7 @@ LIB_DEPENDS= execinfo:${PORTSDIR}/devel/
USE_BZIP2= yes
USE_OPENSSL= yes
USE_AUTOTOOLS= libtool
-USE_RC_SUBR= strongswan.sh
+USE_RC_SUBR= strongswan
GNU_CONFIGURE= yes
USE_LDCONFIG= yes
Modified: head/security/strongswan/distinfo
==============================================================================
--- head/security/strongswan/distinfo Fri May 3 18:03:28 2013 (r317228)
+++ head/security/strongswan/distinfo Fri May 3 18:16:35 2013 (r317229)
@@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
-SIZE (strongswan-5.0.1.tar.bz2) = 3146776
+SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
+SIZE (strongswan-5.0.4.tar.bz2) = 3412930
Copied: head/security/strongswan/files/strongswan.in (from r317225, head/security/strongswan/files/strongswan.sh.in)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/strongswan/files/strongswan.in Fri May 3 18:16:35 2013 (r317229, copy of r317225, head/security/strongswan/files/strongswan.sh.in)
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Start or stop strongswan
+# $FreeBSD$
+
+# PROVIDE: strongswan
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+command="%%PREFIX%%/sbin/ipsec"
+. /etc/rc.subr
+
+name="strongswan"
+rcvar=`set_rcvar`
+extra_commands="reload statusall"
+
+load_rc_config $name
+
+start_cmd="strongswan_command start"
+stop_cmd="strongswan_command stop"
+restart_cmd="strongswan_command restart"
+status_cmd="strongswan_command status"
+reload_cmd="strongswan_command reload"
+statusall_cmd="strongswan_command statusall"
+
+
+strongswan_command()
+{
+ $command ${rc_arg}
+}
+
+run_rc_command "$1"
+
Modified: head/security/strongswan/pkg-plist
==============================================================================
--- head/security/strongswan/pkg-plist Fri May 3 18:03:28 2013 (r317228)
+++ head/security/strongswan/pkg-plist Fri May 3 18:16:35 2013 (r317229)
@@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
lib/ipsec/plugins/libstrongswan-pkcs1.a
lib/ipsec/plugins/libstrongswan-pkcs1.la
lib/ipsec/plugins/libstrongswan-pkcs1.so
+lib/ipsec/plugins/libstrongswan-pkcs7.a
+lib/ipsec/plugins/libstrongswan-pkcs7.la
+lib/ipsec/plugins/libstrongswan-pkcs7.so
lib/ipsec/plugins/libstrongswan-pkcs8.a
lib/ipsec/plugins/libstrongswan-pkcs8.la
lib/ipsec/plugins/libstrongswan-pkcs8.so
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri May 3 18:03:28 2013 (r317228)
+++ head/security/vuxml/vuln.xml Fri May 3 18:16:35 2013 (r317229)
@@ -51,6 +51,36 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6ff570cb-b418-11e2-b279-20cf30e32f6d">
+ <topic>strongSwan -- ECDSA signature verification issue</topic>
+ <affects>
+ <package>
+ <name>strongswan</name>
+ <range><lt>5.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>strongSwan security team reports:</p>
+ <blockquote cite="http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html">
+ <p>If the openssl plugin is used for ECDSA signature verification an empty,
+ zeroed or otherwise invalid signature is handled as a legitimate one.
+ Both IKEv1 and IKEv2 are affected.</p>
+ <p>Affected are only installations that have enabled and loaded the OpenSSL
+ crypto backend (--enable-openssl). Builds using the default crypto backends
+ are not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-2944</cvename>
+ </references>
+ <dates>
+ <discovery>2013-05-03</discovery>
+ <entry>2013-05-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
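Review bot: The `<discovery>` date in the new strongswan entry is 2013-05-03, which is the commit date, while the advisory cited in the blockquote carries 2013/04/30 in its URL; `<discovery>2013-04-30</discovery>` would match the upstream announcement. `<references>` holds only the CVE name, so I would also add the advisory as a `<url>` element with the same address as the blockquote's `cite` attribute. The quoted text limits the issue to builds with the OpenSSL backend (--enable-openssl), yet `<lt>5.0.4</lt>` flags every installed strongswan below 5.0.4. That is probably the safe choice for an audit feed, but it is worth confirming whether the port loads that plugin by default.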
@@ -100,6 +130,10 @@ Note: Please add new entries to the beg
</description>
<references>
<url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url>
+ <cvename>CVE-2013-2034</cvename>
+ <cvename>CVE-2013-2033</cvename>
+ <cvename>CVE-2013-2034</cvename>
+ <cvename>CVE-2013-1808</cvename>
</references>
<dates>
<discovery>2013-05-02</discovery>
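Review bot: `<cvename>CVE-2013-2034</cvename>` is added twice in the jenkins `<references>` block, as the first and third of the four new lines. Either the third line is a plain duplicate and should be dropped, or a different identifier was intended and the list is missing a CVE; check it against the advisory linked in the `<url>` line just above. The hunk ends inside `<dates>` and the rest of the entry is outside it, so as far as this diff shows no `<modified>` date was added for the change to an existing entry. If the file's convention calls for one, it would be `<modified>2013-05-03</modified>`.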