From 7ee384317310e350381292183d5e2844e0d31f13 Mon Sep 17 00:00:00 2001
From: Olli Hauer
Date: Fri, 3 May 2013 18:16:35 +0000
Subject: [PATCH] - update to version 5.0.4 which fixes CVE-2013-2944. - add entry to vuxml - add CVE references to jankins vuxml entry while I'm here remove .sh from rc script
PR: ports/178266
Submitted by: David Shane Holden
Approved by: strongswan@nanoteq.com (maintainer)
---
 security/strongswan/Makefile | 4 +--
 security/strongswan/distinfo | 4 +--
 .../files/{strongswan.sh.in => strongswan.in} | 0
 security/strongswan/pkg-plist | 3 ++
 security/vuxml/vuln.xml | 34 +++++++++++++++++++
 5 files changed, 41 insertions(+), 4 deletions(-)
 rename security/strongswan/files/{strongswan.sh.in => strongswan.in} (100%)
diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile
index 32a35f845546..a5e194200285 100644
--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= strongswan
-PORTVERSION= 5.0.1
+PORTVERSION= 5.0.4
 CATEGORIES= security
 MASTER_SITES= http://download.strongswan.org/ \
  http://download2.strongswan.org/
@@ -15,7 +15,7 @@ LIB_DEPENDS= execinfo:${PORTSDIR}/devel/libexecinfo
 USE_BZIP2= yes
 USE_OPENSSL= yes
 USE_AUTOTOOLS= libtool
-USE_RC_SUBR= strongswan.sh
+USE_RC_SUBR= strongswan
 GNU_CONFIGURE= yes
 USE_LDCONFIG= yes
diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo
index 05d53887153a..ff76032d4df9 100644
--- a/security/strongswan/distinfo
+++ b/security/strongswan/distinfo
@@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
-SIZE (strongswan-5.0.1.tar.bz2) = 3146776
+SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
+SIZE (strongswan-5.0.4.tar.bz2) = 3412930
diff --git a/security/strongswan/files/strongswan.sh.in b/security/strongswan/files/strongswan.in
similarity index 100%
rename from security/strongswan/files/strongswan.sh.in
rename to security/strongswan/files/strongswan.in
diff --git a/security/strongswan/pkg-plist b/security/strongswan/pkg-plist
index 645d4737a74c..170f10d7377e 100644
--- a/security/strongswan/pkg-plist
+++ b/security/strongswan/pkg-plist
@@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
 lib/ipsec/plugins/libstrongswan-pkcs1.a
 lib/ipsec/plugins/libstrongswan-pkcs1.la
 lib/ipsec/plugins/libstrongswan-pkcs1.so
+lib/ipsec/plugins/libstrongswan-pkcs7.a
+lib/ipsec/plugins/libstrongswan-pkcs7.la
+lib/ipsec/plugins/libstrongswan-pkcs7.so
 lib/ipsec/plugins/libstrongswan-pkcs8.a
 lib/ipsec/plugins/libstrongswan-pkcs8.la
 lib/ipsec/plugins/libstrongswan-pkcs8.so
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5f3e37597f0a..807055efdfff 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file. --> + + strongSwan -- ECDSA signature verification issue + + + strongswan + 5.0.4 + + + + +

strongSwan security team reports:

+
+

If the openssl plugin is used for ECDSA signature verification an empty, + zeroed or otherwise invalid signature is handled as a legitimate one. + Both IKEv1 and IKEv2 are affected.

+

Affected are only installations that have enabled and loaded the OpenSSL + crypto backend (--enable-openssl). Builds using the default crypto backends + are not affected.

+
+ +
+ + CVE-2013-2944 + + + 2013-05-03 + 2013-05-03 + +
+ jenkins -- multiple vulnerabilities @@ -100,6 +130,10 @@ Note: Please add new entries to the beginning of this file. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02 + CVE-2013-2034 + CVE-2013-2033 + CVE-2013-2034 + CVE-2013-1808 2013-05-02
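Review bot: The new strongSwan entry repeats upstream's caveat that only builds with the OpenSSL crypto backend (`--enable-openssl`) are affected, but it does not say whether this port is such a build. `USE_OPENSSL= yes` in the Makefile hunk only shows that OpenSSL is a dependency; the port's configure arguments are outside the diff. One added sentence in the description, along the lines of `The FreeBSD port <enables|does not enable> the openssl plugin by default.` (filled in from the port's configure arguments), would tell readers whether a flagged install actually accepts invalid ECDSA signatures. The XML markup of this hunk is stripped in this view, so the affected range around the visible `5.0.4` bound could not be checked here.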
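Review bot: `CVE-2013-2034` appears twice among the four references added to the jenkins entry (first and third added lines), so one of them is either redundant or a mistyped identifier. Please check the list against the linked Jenkins Security Advisory 2013-05-02 and either drop the duplicate line or replace it with the intended id, `CVE-<id from the advisory>`. If an id was mistyped, the entry will not be found by anyone searching the database for the missing CVE. The jenkins entry starts before this hunk and its markup is stripped in this view, so only the visible reference lines were reviewed.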