- update to version 5.0.4 which fixes CVE-2013-2944.

- add entry to vuxml - add CVE references to jankins vuxml entry while I'm here remove .sh from rc script PR: ports/178266 Submitted by: David Shane Holden <dpejesh@yahoo.com> Approved by: strongswan@nanoteq.com (maintainer)
svn path=/head/; revision=317229
2013-05-03 18:16:35 +00:00 · 2013-05-03 18:16:35 +00:00 · 7ee3843173 · 2021-03-31 03:12:20 +00:00
commit 7ee3843173
parent 09b9dd6fc5
5 changed files with 41 additions and 4 deletions
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	strongswan
-PORTVERSION=	5.0.1
+PORTVERSION=	5.0.4
 CATEGORIES=	security
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
@ -15,7 +15,7 @@ LIB_DEPENDS=	execinfo:${PORTSDIR}/devel/libexecinfo
 USE_BZIP2=	yes
 USE_OPENSSL=	yes
 USE_AUTOTOOLS=	libtool
-USE_RC_SUBR=	strongswan.sh
+USE_RC_SUBR=	strongswan
 GNU_CONFIGURE=	yes
 USE_LDCONFIG=	yes

--- a/security/strongswan/distinfo
+++ b/security/strongswan/distinfo
@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
-SIZE (strongswan-5.0.1.tar.bz2) = 3146776
+SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
+SIZE (strongswan-5.0.4.tar.bz2) = 3412930
--- a/security/strongswan/files/strongswan.sh.in
+++ b/security/strongswan/files/strongswan.sh.in
--- a/security/strongswan/pkg-plist
+++ b/security/strongswan/pkg-plist
@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
 lib/ipsec/plugins/libstrongswan-pkcs1.a
 lib/ipsec/plugins/libstrongswan-pkcs1.la
 lib/ipsec/plugins/libstrongswan-pkcs1.so
+lib/ipsec/plugins/libstrongswan-pkcs7.a
+lib/ipsec/plugins/libstrongswan-pkcs7.la
+lib/ipsec/plugins/libstrongswan-pkcs7.so
 lib/ipsec/plugins/libstrongswan-pkcs8.a
 lib/ipsec/plugins/libstrongswan-pkcs8.la
 lib/ipsec/plugins/libstrongswan-pkcs8.so
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -51,6 +51,36 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6ff570cb-b418-11e2-b279-20cf30e32f6d">
+    <topic>strongSwan -- ECDSA signature verification issue</topic>
+    <affects>
+      <package>
+	<name>strongswan</name>
+	<range><lt>5.0.4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>strongSwan security team reports:</p>
+	<blockquote cite="http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html">
+	  <p>If the openssl plugin is used for ECDSA signature verification an empty,
+	    zeroed or otherwise invalid signature is handled as a legitimate one.
+	    Both IKEv1 and IKEv2 are affected.</p>
+	  <p>Affected are only installations that have enabled and loaded the OpenSSL
+	    crypto backend (--enable-openssl). Builds using the default crypto backends
+	    are not affected.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-2944</cvename>
+    </references>
+    <dates>
+      <discovery>2013-05-03</discovery>
+      <entry>2013-05-03</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
@ -100,6 +130,10 @@ Note:  Please add new entries to the beginning of this file.
    </description>
    <references>
      <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url>
+      <cvename>CVE-2013-2034</cvename>
+      <cvename>CVE-2013-2033</cvename>
+      <cvename>CVE-2013-2034</cvename>
+      <cvename>CVE-2013-1808</cvename>
    </references>
    <dates>
      <discovery>2013-05-02</discovery>