Date:      Sun, 11 Mar 2012 22:06:33 +0000
From:      "Simon L. B. Nielsen" <simon@FreeBSD.org>
To:        ohauer@FreeBSD.org
Cc:        cvs-ports@freebsd.org, cvs-all@freebsd.org
Subject:   Re: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
Message-ID:  <D212A942-B3B1-4A3C-A292-C5CFF102BD3C@FreeBSD.org>
In-Reply-To: <4F5D2046.4030309@FreeBSD.org>
References:  <201203112132.q2BLWwTZ074498@repoman.freebsd.org> <4F5D2046.4030309@FreeBSD.org>


On 11 Mar 2012, at 21:59, Olli Hauer wrote:

> On 2012-03-11 22:32, Simon L. Nielsen wrote:
>> simon       2012-03-11 21:32:58 UTC
>>
>>  FreeBSD ports repository
>>
>>  Modified files:
>>    ports-mgmt/portaudit Makefile pkg-plist
>>    ports-mgmt/portaudit/files portaudit-cmd.sh
>>  Log:
>>  Portaudit 0.6.0:
>>
>>  Fix remote code execution which can occur with a specially crafted
>>  audit file.  The attacker would need to get the portaudit(1) to
>>  download the bad audit database, e.g. by performing a man in the
>>  middle attack.
>>
>>  Add signature verification of the portaudit database.  The public key
>>  for the database generated for portaudit.FreeBSD.org is included
>>  in the distribution.
>>
>>  Submitted by:   Michael Gmelin <freebsd@grem.de>
>>  Reported by:    Michael Gmelin <freebsd@grem.de>, Joerg Scheinert
>>  Security:       Remote code execution
>>  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>>  Feature safe:   yes
>>  With hat:       so
>>
>>  Revision  Changes    Path
>>  1.30      +2 -1      ports/ports-mgmt/portaudit/Makefile
>>  1.20      +69 -10    ports/ports-mgmt/portaudit/files/portaudit-cmd.sh
>>  1.6       +1 -0      ports/ports-mgmt/portaudit/pkg-plist
>>
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/Makefile.diff?&r1=1.29&r2=1.30&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/files/portaudit-cmd.sh.diff?&r1=1.19&r2=1.20&f=h
>> http://www.FreeBSD.org/cgi/cvsweb.cgi/ports/ports-mgmt/portaudit/pkg-plist.diff?&r1=1.5&r2=1.6&f=h
>
>
> Hi Simon,
>=20
> seems the public key was not committed

Doh, rookie mistake. Thanks! Fixed.

> and thanks for removing the annoying "Vulnerability check disabled ..." message

Np - it has been bugging me for years but not quite enough... :-)

-- 
Simon L. B. Nielsen



