- update to version 5.0.4 which fixes CVE-2013-2944.

- add entry to vuxml
- add CVE references to jenkins vuxml entry

while I'm here remove .sh from rc script

PR:		ports/178266
Submitted by:	David Shane Holden <dpejesh@yahoo.com>
Approved by:	strongswan@nanoteq.com (maintainer)
Olli Hauer 2013-05-03 18:16:35 +00:00
parent 09b9dd6fc5
commit 7ee3843173
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=317229
5 changed files with 41 additions and 4 deletions


@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= strongswan
PORTVERSION= 5.0.1
PORTVERSION= 5.0.4
CATEGORIES= security
MASTER_SITES= http://download.strongswan.org/ \
http://download2.strongswan.org/
@ -15,7 +15,7 @@ LIB_DEPENDS= execinfo:${PORTSDIR}/devel/libexecinfo
USE_BZIP2= yes
USE_OPENSSL= yes
USE_AUTOTOOLS= libtool
USE_RC_SUBR= strongswan.sh
USE_RC_SUBR= strongswan
GNU_CONFIGURE= yes
USE_LDCONFIG= yes
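Review bot: the rc script rename in USE_RC_SUBR= strongswan needs the template under files/ renamed to match (USE_RC_SUBR= strongswan expects files/strongswan.in), and that rename is not among the hunks shown; the page lists 5 changed files but shows hunks for four, so confirm the fifth is that rename. Because the installed rc.d script name changes from strongswan.sh to strongswan on upgrade, a short UPDATING note would help anyone who calls the script by path.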


@ -1,2 +1,2 @@
SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
SIZE (strongswan-5.0.1.tar.bz2) = 3146776
SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
SIZE (strongswan-5.0.4.tar.bz2) = 3412930
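Review bot: the new SHA256 and SIZE lines for strongswan-5.0.4.tar.bz2 are the only integrity check on the distfile, because both MASTER_SITES entries in the Makefile hunk are plain http:// URLs. Please confirm the hash was taken from a tarball checked against what upstream publishes for the release, not just from whatever the fetch returned, and say so in the PR.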


@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
lib/ipsec/plugins/libstrongswan-pkcs1.a
lib/ipsec/plugins/libstrongswan-pkcs1.la
lib/ipsec/plugins/libstrongswan-pkcs1.so
lib/ipsec/plugins/libstrongswan-pkcs7.a
lib/ipsec/plugins/libstrongswan-pkcs7.la
lib/ipsec/plugins/libstrongswan-pkcs7.so
lib/ipsec/plugins/libstrongswan-pkcs8.a
lib/ipsec/plugins/libstrongswan-pkcs8.la
lib/ipsec/plugins/libstrongswan-pkcs8.so


@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="6ff570cb-b418-11e2-b279-20cf30e32f6d">
<topic>strongSwan -- ECDSA signature verification issue</topic>
<affects>
<package>
<name>strongswan</name>
<range><lt>5.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>strongSwan security team reports:</p>
<blockquote cite="http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html">
<p>If the openssl plugin is used for ECDSA signature verification an empty,
zeroed or otherwise invalid signature is handled as a legitimate one.
Both IKEv1 and IKEv2 are affected.</p>
<p>Affected are only installations that have enabled and loaded the OpenSSL
crypto backend (--enable-openssl). Builds using the default crypto backends
are not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-2944</cvename>
</references>
<dates>
<discovery>2013-05-03</discovery>
<entry>2013-05-03</entry>
</dates>
</vuln>
<vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
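Review bot: the discovery date in the new strongswan entry, <discovery>2013-05-03</discovery>, just repeats the entry date, while the advisory cited in the blockquote carries 2013/04/30 in its URL, so discovery should be no later than 2013-04-30. The references block also holds only the cvename; add the advisory as a url element there so it is listed as a reference and not only as the blockquote's cite attribute.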
@ -100,6 +130,10 @@ Note: Please add new entries to the beginning of this file.
</description>
<references>
<url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url>
<cvename>CVE-2013-2034</cvename>
<cvename>CVE-2013-2033</cvename>
<cvename>CVE-2013-2034</cvename>
<cvename>CVE-2013-1808</cvename>
</references>
<dates>
<discovery>2013-05-02</discovery>
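Review bot: CVE-2013-2034 appears twice in the cvename lines added to the jenkins references, so either one line is a plain duplicate or it was meant to be a different identifier. Check the list against the linked Jenkins Security Advisory 2013-05-02 and drop or correct the repeated line.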