From owner-cvs-ports@FreeBSD.ORG  Sun Mar 11 21:32:58 2012
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 7C223106566B;
	Sun, 11 Mar 2012 21:32:58 +0000 (UTC)
	(envelope-from simon@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 4EC048FC0A;
	Sun, 11 Mar 2012 21:32:58 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id q2BLWwoi074499;
	Sun, 11 Mar 2012 21:32:58 GMT
	(envelope-from simon@repoman.freebsd.org)
Received: (from simon@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id q2BLWwTZ074498;
	Sun, 11 Mar 2012 21:32:58 GMT (envelope-from simon)
Message-Id: <201203112132.q2BLWwTZ074498@repoman.freebsd.org>
From: "Simon L. Nielsen" <simon@FreeBSD.org>
Date: Sun, 11 Mar 2012 21:32:58 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist
 ports/ports-mgmt/portaudit/files portaudit-cmd.sh
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2012 21:32:58 -0000

simon       2012-03-11 21:32:58 UTC

  FreeBSD ports repository

  Modified files:
    ports-mgmt/portaudit Makefile pkg-plist 
    ports-mgmt/portaudit/files portaudit-cmd.sh 
  Log:
  Portaudit 0.6.0:
  
  Fix remote code execution which can occur with a specially crafted
  audit file.  The attacker would need to get the portaudit(1) to
  download the bad audit database, e.g. by performing a man in the
  middle attack.
  
  Add signature verification of the portaudit database.  The public key
  is for the database generated for portaudit.FreeBSD.org is included
  in the distribution.
  
  Submitted by:   Michael Gmelin <freebsd@grem.de>
  Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
  Security:       Remote code execution
  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
  Feature safe:   yes
  With hat:       so
  
  Revision  Changes    Path
  1.30      +2 -1      ports/ports-mgmt/portaudit/Makefile
  1.20      +69 -10    ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
  1.6       +1 -0      ports/ports-mgmt/portaudit/pkg-plist