Created attachment 157553 [details]
strongswan 5.3.2

Update strongswan to 5.3.2

Created attachment 157556 [details]
security/vuxml entry for strongswan

Bug is for CVE-2015-4171 which was announced on oss-security this morning. As such, add ports-secteam to CC and attach a vuln.xml entry.

    # make validate
    /bin/sh /usr/ports/security/vuxml/files/tidy.sh "/usr/ports/security/vuxml/files/tidy.xsl" "/usr/ports/security/vuxml/vuln.xml" > "/usr/ports/security/vuxml/vuln.xml.tidy"
    >>> Validating...
    /usr/local/bin/xmllint --valid --noout /usr/ports/security/vuxml/vuln.xml
    >>> Successful.
    Checking if tidy differs...
    ... seems okay
    Checking for space/tab...
    ... seems okay
    /usr/local/bin/python2.7 /usr/ports/security/vuxml/files/extra-validation.py /usr/ports/security/vuxml/vuln.xml

    # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-4.3.0
    strongswan-4.3.0 is vulnerable:
    strongswan -- Information Leak Vulnerability
    CVE: CVE-2015-4171
    WWW: http://vuxml.FreeBSD.org/freebsd/10d14955-0e45-11e5-b6a8-002590263bf5.html

    ... <continued but not relevant> ...

    # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-5.3.0
    strongswan-5.3.0 is vulnerable:
    strongswan -- Information Leak Vulnerability
    CVE: CVE-2015-4171
    WWW: http://vuxml.FreeBSD.org/freebsd/10d14955-0e45-11e5-b6a8-002590263bf5.html

    1 problem(s) in the installed packages found.

    # env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-5.3.2
    0 problem(s) in the installed packages found.

Created attachment 157557 [details]
Poudriere Build Logs from 10.1-RELEASE-p10 amd64 (gzip'ed)

Attach log from Poudriere testport for review by maintainer/submitter. No buildtime issues noted.

Runtime: No testing performed (by me).
Buildtime: 'poudriere testport' successful on the following (from poudriere jail -l).

    8.4-RELEASE-p28 amd64
    8.4-RELEASE-p28 i386
    9.3-RELEASE-p14 amd64
    9.3-RELEASE-p14 i386
    10.1-RELEASE-p10 amd64
    10.1-RELEASE-p10 i386
    11.0-CURRENT r284104 amd64
    11.0-CURRENT r284104 i386

Created attachment 157559 [details]
security/vuxml entry for strongswan

    make validate
    /bin/sh /usr/home/ftk/vuxml.freebsd.port/head/files/tidy.sh "/usr/home/ftk/vuxml.freebsd.port/head/files/tidy.xsl" "/usr/home/ftk/vuxml.freebsd.port/head/vuln.xml" > "/usr/home/ftk/vuxml.freebsd.port/head/vuln.xml.tidy"
    >>> Validating...
    /usr/local/bin/xmllint --valid --noout /usr/home/ftk/vuxml.freebsd.port/head/vuln.xml
    >>> Successful.
    Checking if tidy differs...
    ... seems okay
    Checking for space/tab...
    ... seems okay
    /usr/local/bin/python2.7 /usr/home/ftk/vuxml.freebsd.port/head/files/extra-validation.py /usr/home/ftk/vuxml.freebsd.port/head/vuln.xml

    env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-4.3.0
    strongswan-4.3.0 is vulnerable:
    strongSwan -- ECDSA signature verification issue
    CVE: CVE-2013-2944
    WWW: http://vuxml.FreeBSD.org/freebsd/6ff570cb-b418-11e2-b279-20cf30e32f6d.html

    strongswan-4.3.0 is vulnerable:
    strongswan -- multiple DoS vulnerabilities
    CVE: CVE-2013-6076
    CVE: CVE-2013-6075
    CVE: CVE-2013-5018
    WWW: http://vuxml.FreeBSD.org/freebsd/efa663eb-8754-11e3-9a47-00163e1ed244.html

    strongswan-4.3.0 is vulnerable:
    strongswan -- Remote Authentication Bypass
    CVE: CVE-2014-2338
    WWW: http://vuxml.FreeBSD.org/freebsd/6fb521b0-d388-11e3-a790-000c2980a9f3.html

    strongswan-4.3.0 is vulnerable:
    strongswan -- Information Leak Vulnerability
    CVE: CVE-2015-4171
    WWW: http://vuxml.FreeBSD.org/freebsd/10d14955-0e45-11e5-b6a8-002590263bf5.html

    1 problem(s) in the installed packages found.

    env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-5.3.0
    strongswan-5.3.0 is vulnerable:
    strongswan -- Denial-of-service and potential remote code execution vulnerability
    CVE: CVE-2015-3991
    WWW: http://vuxml.FreeBSD.org/freebsd/55363e65-0e71-11e5-8027-00167671dd1d.html

    strongswan-5.3.0 is vulnerable:
    strongswan -- Information Leak Vulnerability
    CVE: CVE-2015-4171
    WWW: http://vuxml.FreeBSD.org/freebsd/10d14955-0e45-11e5-b6a8-002590263bf5.html

    1 problem(s) in the installed packages found.

    env PKG_DBDIR=/usr/ports/security/vuxml pkg audit strongswan-5.3.2
    0 problem(s) in the installed packages found.

Comment on attachment 157556 [details]
security/vuxml entry for strongswan

Updated to include CVE-2015-3991 for strongSwan 5.2.2 and 5.3.0

Comment on attachment 157553 [details]
strongswan 5.3.2

Happy with the patch

Happy with the patches - Updated the vuxml entry to include CVE-2015-3991 (https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html) affecting strongswan 5.2.2 and 5.3.0.

A commit references this bug:

Author: delphij
Date: Tue Jun 9 08:23:29 UTC 2015
New revision: 388904
URL: https://svnweb.freebsd.org/changeset/ports/388904

Log:
  Document two strongswan vulnerabilities.

  PR: 200721
  Submitted by: Jason Unovitch (with changes: wrapped long line and
  changed CVE-2015-3991's coverage to cover only < 5.3.1 to reflect
  the reality).

Changes:
  head/security/vuxml/vuln.xml

(In reply to Renato Botelho from comment #0)

Hi,

Please merge this to 2015Q2 too, thanks!

A commit references this bug:

Author: garga
Date: Tue Jun 9 09:51:08 UTC 2015
New revision: 388905
URL: https://svnweb.freebsd.org/changeset/ports/388905

Log:
  Update to 5.3.2

  PR: 200721
  Approved by: strongswan@Nanoteq.com (maintainer)
  MFH: 2015Q2
  Security: CVE-2015-3991
  Sponsored by: Netgate

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/files/patch-src_starter_starterstroke.c
  head/security/strongswan/files/patch-src_stroke_stroke.c

A commit references this bug:

Author: garga
Date: Tue Jun 9 19:57:05 UTC 2015
New revision: 388995
URL: https://svnweb.freebsd.org/changeset/ports/388995

Log:
  MFH: r388905

  Update to 5.3.2

  PR: 200721
  Approved by: strongswan@Nanoteq.com (maintainer)
  Security: CVE-2015-3991
  Sponsored by: Netgate

  Approved by: portmgr (erwin)

Changes:
  _U  branches/2015Q2/
  branches/2015Q2/security/strongswan/Makefile
  branches/2015Q2/security/strongswan/distinfo
  branches/2015Q2/security/strongswan/files/patch-src_starter_starterstroke.c
  branches/2015Q2/security/strongswan/files/patch-src_stroke_stroke.c

Mark as resolved as all update bits are in tree now.