Bug 267037

Summary: security/strongswan: update to 5.9.8
Product: Ports & Packages Reporter: Franco Fichtner <franco>
Component: Individual Port(s)Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED    
Severity: Affects Only Me CC: fernape, nevecherya, ports-secteam, strongswan
Priority: --- Keywords: security
Version: LatestFlags: bugzilla: maintainer-feedback? (strongswan)
fernape: merge-quarterly+
Hardware: Any   
OS: Any   
URL: https://github.com/strongswan/strongswan/releases/tag/5.9.8
Attachments:
Description Flags
update none

Description Franco Fichtner 2022-10-14 07:22:26 UTC 
Created attachment 237287 [details]
update

Hi,

Since vulnerability exists here is the port update including:

https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8


Cheers,
Franco
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-17 06:09:43 UTC 
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

Franco, what vulnerability are you referring to?


Thanks!
Comment 2 Franco Fichtner 2022-10-17 06:12:00 UTC 
https://cgit.freebsd.org/ports/commit/?id=c1b081145ff7f719c3867702e9d83718b674505d

I found it odd that it was registered there already but no update was proposed.


Cheers,
Franco
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-10-19 16:50:20 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a28166f3b1e22d446f76d5f71f27f082b0e7e19f

commit a28166f3b1e22d446f76d5f71f27f082b0e7e19f
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2022-10-17 06:06:35 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-19 16:45:55 +0000

    security/strongswan: update to 5.9.8

    ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

    Fixes CVE-2022-40617.

    PR:             267037
    Reported by:    franco@opnsense.org
    Approved by:    strongswan@Nanoteq.com (maintainer, implicit)
    MFH:            2022Q4  (security update)
    Security:       CVE-2022-40617 DoS attack vulnerability

 security/strongswan/Makefile  | 3 +--
 security/strongswan/distinfo  | 6 +++---
 security/strongswan/pkg-plist | 5 ++++-
 3 files changed, 8 insertions(+), 6 deletions(-)
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-19 16:50:50 UTC 
Committed and merged to 2022Q4,

Thanks!
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-10-19 16:51:22 UTC 
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de86c5fe2678752cf798a2fc3294fd13202eaae9

commit de86c5fe2678752cf798a2fc3294fd13202eaae9
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2022-10-17 06:06:35 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-19 16:46:51 +0000

    security/strongswan: update to 5.9.8

    ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

    Fixes CVE-2022-40617.

    PR:             267037
    Reported by:    franco@opnsense.org
    Approved by:    strongswan@Nanoteq.com (maintainer, implicit)
    MFH:            2022Q4  (security update)
    Security:       CVE-2022-40617 DoS attack vulnerability

    (cherry picked from commit a28166f3b1e22d446f76d5f71f27f082b0e7e19f)

 security/strongswan/Makefile  | 3 +--
 security/strongswan/distinfo  | 6 +++---
 security/strongswan/pkg-plist | 5 ++++-
 3 files changed, 8 insertions(+), 6 deletions(-)