From owner-freebsd-ports Fri Jan 4 10:20: 8 2002
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7157437B41B for ; Fri, 4 Jan 2002 10:20:00 -0800 (PST)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g04IK0N20691; Fri, 4 Jan 2002 10:20:00 -0800 (PST) (envelope-from gnats)
Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 0116837B41A for ; Fri, 4 Jan 2002 10:15:34 -0800 (PST)
Received: from cheshire.blacktabby.org ([12.233.190.154]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020104181533.MAWM20119.rwcrmhc51.attbi.com@cheshire.blacktabby.org> for ; Fri, 4 Jan 2002 18:15:33 +0000
Received: by cheshire.blacktabby.org (Postfix, from userid 1000) id 5D4065A7F; Fri, 4 Jan 2002 10:14:39 -0800 (PST)
Message-Id: <20020104181439.5D4065A7F@cheshire.blacktabby.org>
Date: Fri, 4 Jan 2002 10:14:39 -0800 (PST)
From: Adam Kranzel
Reply-To: Adam Kranzel
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/33546: Mark net/radius port forbidden (multiple buffer overflows)
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 33546
>Category: ports
>Synopsis: Mark net/radius port forbidden (multiple buffer overflows)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 04 10:20:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: Adam Kranzel
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
>Environment:
System: FreeBSD cheshire.blacktabby.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sat Dec 15 13:57:51 PST 2001 root@cheshire.blacktabby.org:/usr/obj/usr/src/sys/CHESHIRE-NODEBUG i386
>Description:
The net/radius port currently is at version 3.6B1, which has multiple buffer overflows. It is currently unfetchable due to the distfile being removed from the master site, but I think that it should be marked as FORBIDDEN anyway, in case someone fetches the distfile by hand not knowing about the problems with it. Version 3.6B2 of the software fixes them, but it's not a simple upgrade so it may take me a while to finish it. In the meantime the included patch marks the port as FORBIDDEN until I (or someone else) upgrades the port to 3.6B2.
>How-To-Repeat:
n/a
>Fix:
diff -ruN radius.good/Makefile radius/Makefile --- radius.good/Makefile Thu Jan 3 09:38:09 2002 +++ radius/Makefile Thu Jan 3 10:06:10 2002
@@ -13,6 +13,13 @@ MAINTAINER= ports@FreeBSD.org +# See http://www.interlinknetworks.com/downloads/ +# at the bottom of the page. +# 3.6.B2 fixes them, if anyone feels like upgrading +# this port. + +FORBIDDEN= multiple buffer overflows + # restrictive copyright in several files, e.g., "src/sendserver.c" RESTRICTED= redistribution in binary only NO_CDROM= not allowed to charge fee for redistribution >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
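
Review bot: In the comment added above FORBIDDEN=, "fixes them" has no antecedent, because the comment precedes the line that names the buffer overflows, and "at the bottom of the page" depends on the layout of an external page that can change. Consider naming the affected version in the reason itself, for example `FORBIDDEN= multiple buffer overflows in 3.6B1`, so the message shown when someone tries to build the port is self-explanatory. The fixed version is also spelled 3.6.B2 in the comment but 3.6B2 in the report; use one spelling. Dropping the blank line between the comment and FORBIDDEN= would keep the explanation attached to the variable it documents.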