From nobody@FreeBSD.org  Tue Apr 30 18:43:36 2013
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	by hub.freebsd.org (Postfix) with ESMTP id A07CAF94
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Apr 2013 18:43:36 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [69.147.83.34])
	by mx1.freebsd.org (Postfix) with ESMTP id 9079312F3
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Apr 2013 18:43:36 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.5/8.14.5) with ESMTP id r3UIhaDN057475
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 30 Apr 2013 18:43:36 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.5/8.14.5/Submit) id r3UIhaCL057474;
	Tue, 30 Apr 2013 18:43:36 GMT
	(envelope-from nobody)
Message-Id: <201304301843.r3UIhaCL057474@red.freebsd.org>
Date: Tue, 30 Apr 2013 18:43:36 GMT
From: David Shane Holden <dpejesh@yahoo.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: security/strongswan - CVE-2013-2944
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: strongswan@nanoteq.com

>Number:         178266
>Category:       ports
>Synopsis:       security/strongswan - CVE-2013-2944
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ohauer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 30 18:50:00 UTC 2013
>Closed-Date:    Fri May 03 18:26:53 UTC 2013
>Last-Modified:  Fri May 03 18:26:53 UTC 2013
>Originator:     David Shane Holden
>Release:        9.1-RELEASE
>Organization:
>Environment:
>Description:
Upgrade security/strongswan port to version 5.0.4 which fixes CVE-2013-2944.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff --git a/strongswan/Makefile b/strongswan/Makefile
index 4296b95..1a32e41 100644
--- a/strongswan/Makefile
+++ b/strongswan/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD: ports/security/strongswan/Makefile,v 1.6 2013/01/07 12:42:39 svnexp Exp $
 
 PORTNAME=	strongswan
-PORTVERSION=	5.0.1
+PORTVERSION=	5.0.4
 CATEGORIES=	security
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
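Review bot: this submission touches only Makefile, distinfo and pkg-plist, so nothing records that versions before 5.0.4 are affected by CVE-2013-2944. Alongside the PORTVERSION bump, add a security/vuxml entry with a range of lt 5.0.4 and the CVE name so that installed 5.0.1 packages are flagged as vulnerable.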
diff --git a/strongswan/distinfo b/strongswan/distinfo
index 05d5388..ff76032 100644
--- a/strongswan/distinfo
+++ b/strongswan/distinfo
@@ -1,2 +1,2 @@
-SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
-SIZE (strongswan-5.0.1.tar.bz2) = 3146776
+SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
+SIZE (strongswan-5.0.4.tar.bz2) = 3412930
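Review bot: both MASTER_SITES in the Makefile are plain http://, so the new SHA256 line is the only integrity check on strongswan-5.0.4.tar.bz2. Before commit, confirm the SHA256 and SIZE values against a checksum or signature published by upstream, not only against a locally fetched copy.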
diff --git a/strongswan/pkg-plist b/strongswan/pkg-plist
index 645d473..170f10d 100644
--- a/strongswan/pkg-plist
+++ b/strongswan/pkg-plist
@@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
 lib/ipsec/plugins/libstrongswan-pkcs1.a
 lib/ipsec/plugins/libstrongswan-pkcs1.la
 lib/ipsec/plugins/libstrongswan-pkcs1.so
+lib/ipsec/plugins/libstrongswan-pkcs7.a
+lib/ipsec/plugins/libstrongswan-pkcs7.la
+lib/ipsec/plugins/libstrongswan-pkcs7.so
 lib/ipsec/plugins/libstrongswan-pkcs8.a
 lib/ipsec/plugins/libstrongswan-pkcs8.la
 lib/ipsec/plugins/libstrongswan-pkcs8.so
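Review bot: the three libstrongswan-pkcs7 entries are the only plist change for a jump from 5.0.1 to 5.0.4. Confirm with a clean install and deinstall that no other files added or removed upstream across those releases are missing from pkg-plist, and that the pkcs7 plugin is built in every option combination, since the entries are listed unconditionally.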


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Tue Apr 30 18:50:08 UTC 2013 
State-Changed-Why:  
Awaiting maintainer's feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=178266 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: strongswan@nanoteq.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/178266: security/strongswan - CVE-2013-2944
Date: Tue, 30 Apr 2013 18:50:07 UT

 Maintainer of security/strongswan,
 
 Please note that PR ports/178266 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/178266
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org

From: strongswan <strongswan@Nanoteq.com>
To: "bug-followup@FreeBSD.org" <bug-followup@FreeBSD.org>
Cc: strongswan <strongswan@Nanoteq.com>
Subject: RE: ports/178266: security/strongswan - CVE-2013-2944
Date: Thu, 2 May 2013 08:51:06 +0200

 I tested the patch with strongSwan 5.0.4 and FreeBSD.
 The patch is approved and may be committed.
 
 Thank you.
 
 -----Original Message-----
 From: Edwin Groothuis [mailto:edwin@FreeBSD.org]
 Sent: 30 April 2013 08:50 PM
 To: strongswan
 Cc: bug-followup@FreeBSD.org
 Subject: Re: ports/178266: security/strongswan - CVE-2013-2944
 
 Maintainer of security/strongswan,
 
 Please note that PR ports/178266 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/178266
 
 --
 Edwin Groothuis via the GNATS Auto Assign Tool edwin@FreeBSD.org
 
 
 
 
 
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Thu May 2 16:35:12 UTC 2013 
State-Changed-Why:  
Maintainer approved. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=178266 
Responsible-Changed-From-To: freebsd-ports-bugs->ohauer 
Responsible-Changed-By: ohauer 
Responsible-Changed-When: Fri May 3 17:38:43 UTC 2013 
Responsible-Changed-Why:  
I'll take it 

http://www.freebsd.org/cgi/query-pr.cgi?pr=178266 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/178266: commit references a PR
Date: Fri,  3 May 2013 18:16:50 +0000 (UTC)

 Author: ohauer
 Date: Fri May  3 18:16:35 2013
 New Revision: 317229
 URL: http://svnweb.freebsd.org/changeset/ports/317229
 
 Log:
   - update to version 5.0.4 which fixes CVE-2013-2944.
   - add entry to vuxml
   - add CVE references to jenkins vuxml entry
   
   while I'm here remove .sh from rc script
   
   PR:		ports/178266
   Submitted by:	David Shane Holden <dpejesh@yahoo.com>
   Approved by:	strongswan@nanoteq.com (maintainer)
 
 Added:
   head/security/strongswan/files/strongswan.in
      - copied unchanged from r317225, head/security/strongswan/files/strongswan.sh.in
 Deleted:
   head/security/strongswan/files/strongswan.sh.in
 Modified:
   head/security/strongswan/Makefile
   head/security/strongswan/distinfo
   head/security/strongswan/pkg-plist
   head/security/vuxml/vuln.xml
 
 Modified: head/security/strongswan/Makefile
 ==============================================================================
 --- head/security/strongswan/Makefile	Fri May  3 18:03:28 2013	(r317228)
 +++ head/security/strongswan/Makefile	Fri May  3 18:16:35 2013	(r317229)
 @@ -2,7 +2,7 @@
  # $FreeBSD$
  
  PORTNAME=	strongswan
 -PORTVERSION=	5.0.1
 +PORTVERSION=	5.0.4
  CATEGORIES=	security
  MASTER_SITES=	http://download.strongswan.org/ \
  		http://download2.strongswan.org/
 @@ -15,7 +15,7 @@ LIB_DEPENDS=	execinfo:${PORTSDIR}/devel/
  USE_BZIP2=	yes
  USE_OPENSSL=	yes
  USE_AUTOTOOLS=	libtool
 -USE_RC_SUBR=	strongswan.sh
 +USE_RC_SUBR=	strongswan
  GNU_CONFIGURE=	yes
  USE_LDCONFIG=	yes
  
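Review bot: the USE_RC_SUBR change from strongswan.sh to strongswan renames the installed rc script in the same commit as the CVE-2013-2944 fix. It is unrelated to the security update (the log says "while I'm here"), so consider a separate commit, which keeps the security change minimal and easy to merge or back out on its own.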
 
 Modified: head/security/strongswan/distinfo
 ==============================================================================
 --- head/security/strongswan/distinfo	Fri May  3 18:03:28 2013	(r317228)
 +++ head/security/strongswan/distinfo	Fri May  3 18:16:35 2013	(r317229)
 @@ -1,2 +1,2 @@
 -SHA256 (strongswan-5.0.1.tar.bz2) = 1a4dff19ef69d15e0b90b1ea80bd183235ac73b4ecd114aab58ed54de0f5c3b4
 -SIZE (strongswan-5.0.1.tar.bz2) = 3146776
 +SHA256 (strongswan-5.0.4.tar.bz2) = 3ec66d64046f652ab7556b3be8f9be8981fd32ef4a11e3e461a04d658928bfe2
 +SIZE (strongswan-5.0.4.tar.bz2) = 3412930
 
 Copied: head/security/strongswan/files/strongswan.in (from r317225, head/security/strongswan/files/strongswan.sh.in)
 ==============================================================================
 --- /dev/null	00:00:00 1970	(empty, because file is newly added)
 +++ head/security/strongswan/files/strongswan.in	Fri May  3 18:16:35 2013	(r317229, copy of r317225, head/security/strongswan/files/strongswan.sh.in)
 @@ -0,0 +1,33 @@
 +#!/bin/sh
 +# Start or stop strongswan
 +# $FreeBSD$
 +
 +# PROVIDE: strongswan
 +# REQUIRE: DAEMON
 +# BEFORE: LOGIN
 +# KEYWORD: shutdown
 +
 +command="%%PREFIX%%/sbin/ipsec"
 +. /etc/rc.subr
 +
 +name="strongswan"
 +rcvar=`set_rcvar`
 +extra_commands="reload statusall"
 +
 +load_rc_config $name
 +
 +start_cmd="strongswan_command start"
 +stop_cmd="strongswan_command stop"
 +restart_cmd="strongswan_command restart"
 +status_cmd="strongswan_command status"
 +reload_cmd="strongswan_command reload"
 +statusall_cmd="strongswan_command statusall"
 +
 +
 +strongswan_command()
 +{
 +	$command ${rc_arg}
 +}
 +
 +run_rc_command "$1"
 +
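Review bot: after load_rc_config $name the script sets no default for strongswan_enable, and it still derives rcvar from `set_rcvar`. Since the file is being renamed anyway, consider setting rcvar=strongswan_enable directly, adding a default such as : ${strongswan_enable:="NO"} after load_rc_config, and quoting the expansion in strongswan_command as $command "${rc_arg}".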
 
 Modified: head/security/strongswan/pkg-plist
 ==============================================================================
 --- head/security/strongswan/pkg-plist	Fri May  3 18:03:28 2013	(r317228)
 +++ head/security/strongswan/pkg-plist	Fri May  3 18:16:35 2013	(r317229)
 @@ -91,6 +91,9 @@ lib/ipsec/plugins/libstrongswan-pgp.so
  lib/ipsec/plugins/libstrongswan-pkcs1.a
  lib/ipsec/plugins/libstrongswan-pkcs1.la
  lib/ipsec/plugins/libstrongswan-pkcs1.so
 +lib/ipsec/plugins/libstrongswan-pkcs7.a
 +lib/ipsec/plugins/libstrongswan-pkcs7.la
 +lib/ipsec/plugins/libstrongswan-pkcs7.so
  lib/ipsec/plugins/libstrongswan-pkcs8.a
  lib/ipsec/plugins/libstrongswan-pkcs8.la
  lib/ipsec/plugins/libstrongswan-pkcs8.so
 
 Modified: head/security/vuxml/vuln.xml
 ==============================================================================
 --- head/security/vuxml/vuln.xml	Fri May  3 18:03:28 2013	(r317228)
 +++ head/security/vuxml/vuln.xml	Fri May  3 18:16:35 2013	(r317229)
 @@ -51,6 +51,36 @@ Note:  Please add new entries to the beg
  
  -->
  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 +  <vuln vid="6ff570cb-b418-11e2-b279-20cf30e32f6d">
 +    <topic>strongSwan -- ECDSA signature verification issue</topic>
 +    <affects>
 +      <package>
 +	<name>strongswan</name>
 +	<range><lt>5.0.4</lt></range>
 +      </package>
 +    </affects>
 +    <description>
 +      <body xmlns="http://www.w3.org/1999/xhtml">
 +	<p>strongSwan security team reports:</p>
 +	<blockquote cite="http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html">
 +	  <p>If the openssl plugin is used for ECDSA signature verification an empty,
 +	    zeroed or otherwise invalid signature is handled as a legitimate one.
 +	    Both IKEv1 and IKEv2 are affected.</p>
 +	  <p>Affected are only installations that have enabled and loaded the OpenSSL
 +	    crypto backend (--enable-openssl). Builds using the default crypto backends
 +	    are not affected.</p>
 +	</blockquote>
 +      </body>
 +    </description>
 +    <references>
 +      <cvename>CVE-2013-2944</cvename>
 +    </references>
 +    <dates>
 +      <discovery>2013-05-03</discovery>
 +      <entry>2013-05-03</entry>
 +    </dates>
 +  </vuln>
 +
    <vuln vid="622e14b1-b40c-11e2-8441-00e0814cab4e">
      <topic>jenkins -- multiple vulnerabilities</topic>
      <affects>
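Review bot: the discovery date of 2013-05-03 in the new strongSwan entry is the commit date, while the upstream announcement cited in the blockquote carries 2013/04/30 in its URL. Set discovery to 2013-04-30 and leave entry at 2013-05-03. The cited announcement could also be added as a url element under references, which currently holds only the cvename.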
 @@ -100,6 +130,10 @@ Note:  Please add new entries to the beg
      </description>
      <references>
        <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02</url>
 +      <cvename>CVE-2013-2034</cvename>
 +      <cvename>CVE-2013-2033</cvename>
 +      <cvename>CVE-2013-2034</cvename>
 +      <cvename>CVE-2013-1808</cvename>
      </references>
      <dates>
        <discovery>2013-05-02</discovery>
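Review bot: CVE-2013-2034 is added twice to the jenkins references (the first and third cvename lines). Drop the duplicate, and check the linked advisory for whether a different CVE id was meant in one of the two places.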
 
State-Changed-From-To: open->closed 
State-Changed-By: ohauer 
State-Changed-When: Fri May 3 18:26:24 UTC 2013 
State-Changed-Why:  
Committed, 
Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=178266 
>Unformatted:
