Bug 259267 - security/strongswan: Update to 5.9.4
Summary: security/strongswan: Update to 5.9.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Li-Wen Hsu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-19 12:08 UTC by Dani I.
Modified: 2022-01-26 04:48 UTC (History)
4 users (show)

See Also:
strongswan: maintainer-feedback+
i.dani: maintainer-feedback? (ports-secteam)
driesm: merge-quarterly+


Attachments
Update to 5.9.4 (857 bytes, patch)
2021-10-19 12:08 UTC, Dani I.
no flags Details | Diff
Added vuxml entry for the update (1.80 KB, patch)
2021-10-20 08:30 UTC, Francois ten Krooden
strongswan: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Dani I. 2021-10-19 12:08:25 UTC
Created attachment 228834 [details]
Update to 5.9.4

Security & Bugfix Update to 5.9.4:
- Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
- While here change repos to https
- Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
- Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
Comment 1 Francois ten Krooden 2021-10-19 13:22:59 UTC
Comment on attachment 228834 [details]
Update to 5.9.4

I am happy with the patch
Comment 2 commit-hook freebsd_committer freebsd_triage 2021-10-20 07:21:50 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=eead2ddf757a4e9f50eedd1680f3b62e6a16aaef

commit eead2ddf757a4e9f50eedd1680f3b62e6a16aaef
Author:     Dani <i.dani@outlook.com>
AuthorDate: 2021-10-20 07:19:32 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2021-10-20 07:19:32 +0000

    security/strongswan: Update to 5.9.4

    Security & Bugfix Update to 5.9.4:
    - Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
    - While here change repos to https
    - Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
    - Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

    PR:             259267
    Approved by:    strongswan@Nanoteq.com (maintainer)
    MFH:            2021Q4

 security/strongswan/Makefile | 6 +++---
 security/strongswan/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
Comment 3 commit-hook freebsd_committer freebsd_triage 2021-10-20 07:22:53 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=cd039668f731f557bde9f266afcc9f88d60c3fc1

commit cd039668f731f557bde9f266afcc9f88d60c3fc1
Author:     Dani <i.dani@outlook.com>
AuthorDate: 2021-10-20 07:19:32 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2021-10-20 07:22:04 +0000

    security/strongswan: Update to 5.9.4

    Security & Bugfix Update to 5.9.4:
    - Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
    - While here change repos to https
    - Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
    - Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html

    PR:             259267
    Approved by:    strongswan@Nanoteq.com (maintainer)
    MFH:            2021Q4

    (cherry picked from commit eead2ddf757a4e9f50eedd1680f3b62e6a16aaef)

 security/strongswan/Makefile | 6 +++---
 security/strongswan/distinfo | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
Comment 4 Li-Wen Hsu freebsd_committer freebsd_triage 2021-10-20 07:23:14 UTC
(In reply to Dani from comment #0)
Thanks for the patch, since this is a security update, can you help create an entry for security/vuxml?
Comment 5 Francois ten Krooden 2021-10-20 08:30:08 UTC
Created attachment 228859 [details]
Added vuxml entry for the update

Added vuxml entry for the update.
Comment 6 Li-Wen Hsu freebsd_committer freebsd_triage 2021-10-21 00:21:20 UTC
(In reply to strongswan from comment #5)
Thanks, if possible, please set your name at https://bugs.freebsd.org/bugzilla/userprefs.cgi?tab=account so we can use it in `git commit --author`.
Comment 7 Francois ten Krooden 2021-10-21 04:11:09 UTC
(In reply to Li-Wen Hsu from comment #6)
Done, thanks
Comment 8 Dries Michiels freebsd_committer freebsd_triage 2022-01-25 15:35:12 UTC
Closing as this PR seems fixed. Feel free to reopen if mistaken.
Comment 9 Li-Wen Hsu freebsd_committer freebsd_triage 2022-01-25 15:51:56 UTC
The vuxml patch has not merged.
Comment 10 commit-hook freebsd_committer freebsd_triage 2022-01-26 04:48:49 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f7875319cd715adf4ba9c016fa937e78dd073e44

commit f7875319cd715adf4ba9c016fa937e78dd073e44
Author:     Francois ten Krooden <strongswan@Nanoteq.com>
AuthorDate: 2022-01-25 16:03:23 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2022-01-26 04:44:03 +0000

    security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan

    PR:             259267

 security/vuxml/vuln-2022.xml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)